Encriyoko: The first malware developed in Google Go Programming language

I am not sure whether the Go programming language attracts application developers or not, but it seems malware authors are interested in Go. Symantec researchers have discovered a new piece of malware that contains some components developed in Go.

If you don't know about Go, let me introduce it. Go is an open source programming language introduced by Google in 2009. Find the rest of the details about Go here.

The malware, dubbed "Encriyoko", attempts to encrypt various file formats on compromised computers, rendering the encrypted files unusable.

The attack starts with a file named GalaxyNxRoot.exe, written in .NET, which disguises itself as a rooting tool to trick users into installing it.

Once executed, the file drops a couple of additional files named "PPSAP.exe" and "adbtool" in the Temp folder, both developed in Go.

The first file collects system information such as currently running processes, user name, MAC address, etc., and uploads it to a remote location. The second file downloads an encrypted file that contains a DLL file. It attempts to encrypt various file formats on the compromised computer.
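
A defender-side sketch of the chain described above, added here as an example and not taken from Symantec or the original post: it flags PPSAP.exe or adbtool running from a Temp folder and raises the confidence when GalaxyNxRoot.exe is an ancestor process. The event fields (pid, ppid, image), the function names and the sample events are constructed assumptions.

```python
import ntpath

# Names taken from the article; matching is case-insensitive.
DROPPER = "galaxynxroot.exe"
COMPONENTS = {"ppsap.exe", "adbtool", "adbtool.exe"}  # ".exe" variant is an assumption


def in_temp_dir(image):
    """True if any directory component of a Windows path is named Temp."""
    directory = ntpath.dirname(image.replace("/", "\\"))
    return "temp" in (part.lower() for part in directory.split("\\"))


def has_dropper_ancestor(event, by_pid):
    """Walk parent PIDs upward looking for the dropper; guard against PID loops."""
    seen = set()
    ppid = event["ppid"]
    while ppid in by_pid and ppid not in seen:
        seen.add(ppid)
        parent = by_pid[ppid]
        if ntpath.basename(parent["image"]).lower() == DROPPER:
            return True
        ppid = parent["ppid"]
    return False


def find_encriyoko_activity(events):
    """Return (pid, image, confidence) for each process matching the described chain."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = ntpath.basename(e["image"]).lower()
        if name not in COMPONENTS or not in_temp_dir(e["image"]):
            continue  # a same-named binary outside Temp is not flagged
        confidence = "high" if has_dropper_ancestor(e, by_pid) else "medium"
        findings.append((e["pid"], e["image"], confidence))
    return findings


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Users\bob\Downloads\GalaxyNxRoot.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 102, "ppid": 101, "image": r"C:\Users\bob\AppData\Local\Temp\PPSAP.exe"},
    {"pid": 103, "ppid": 100, "image": r"C:\Users\bob\AppData\Local\Temp\adbtool"},
    {"pid": 200, "ppid": 1, "image": r"C:\Android\platform-tools\adbtool.exe"},
    {"pid": 201, "ppid": 1, "image": r"C:\Users\amy\AppData\Local\Temp\ppsap.exe"},
]
```

File names alone are weak indicators, which is why a match without the dropper in its ancestry is only rated medium.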