Google Go programming language used for creating destructive Trojan
Posted on 19.09.2012
When Google introduced its Go programming language in 2009, they surely didn't hope for it to be used for writing malware but, as these things go, it was a only a matter of time until it happened.

Symantec researchers have recently analyzed a piece of malware found in the wild that contains some components written in Go.

The malware is a Trojan dubbed "Encriyoko", which in this particular instance came disguised as a tool for rooting Android devices.

Once installed and executed on the victims' PC, the file in question (GalaxyNxRoot.exe) would drop two Go-based executables: an information-stealing Trojan and a downloading component.

The first aims at collecting information about the targeted computer and the processes running on it and sending that information to a remote server, while the second downloads an encrypted DLL file from another remote server.

When this DLL file is decrypted and loaded, it tries to encrypt all source code files, images and audio files, archives, documents and many other files. If it manages to do so, it saves them all into one file (vxsur.bin) in the Temp folder.

"Restoration of the encrypted files will be difficult, if not impossible," the researchers point out.

I assume they mean that when the user doesn't have the key to do it - if so, could it be that this Trojan is part of a ransomware attack? Or are the attackers' intentions simply to wreak havoc?


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th