Genetic Malware Analysis for Golang

Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and classify malware written in Go, within seconds!

Why is this Important?
Golang, also known as Go, is Google’s open-source programming language which has become popular among developers in the Windows and Linux platforms. While well-known open source projects such as Kubernetes and Docker are written in Go, this programming language is being exploited by adversaries to develop malware.

Golang malware may still be in its infancy, but according to Palo Alto Networks, we can expect Go-compiled malware to constitute a much larger market share of developed malware in years to come.

Even further, with the rapid growth of cloud infrastructure in recent years—and Linux becoming the predominant choice for cloud computing—Go malware could become a greater threat to enterprise cloud security.

Below are the Intezer Analyze features which are currently available for Golang:

  • Code reuse
  • View related samples
  • View the assembly code
  • Create vaccinations (code-based YARA rules) for proactive threat hunting (available in our enterprise edition)
  • IDA Pro plugin (available in our enterprise edition)

    HTRAN Case Study
    One of the advantages to genetically analyzing files written in Golang is being able to identify code connections between Windows and Linux executables. As evidenced by the recent discovery of ACBackdoor, cross-platform malware does exist between the two platforms.

    HTRAN is a hacking tool used by adversaries to conceal their location when interacting with victim networks. Intezer Analyze has detected Linux and Windows variants of HTRAN which share code with each other.

    Intezer Analyze Community
    Intezer proudly supports Genetic Malware Analysis for Windows and Linux executables, in addition to Android APK files. If you’re not an Intezer Analyze community user we encourage you to sign up for free at analyze.intezer.com. Community users can upload up to 10 files and scan one endpoint per day in order to:

  • Detect code similarities to known malware, legitimate applications, libraries, and more
  • Detect advanced in-memory threats such as malicious code injections, packed, and fileless malware
  • Obtain insights about malware families and threat actors
  • Receive monthly updates about new features, research, webinars, and more

    Additional Resources:

    More about Golang Malware:
    Check out our previous post on ACBackdoor: Analysis of a New Multiplatform Backdoor and Revealing the Origins of Software with Genetic Analysis for more insights.

    By Intezer – Count on Intezer’s Autonomous SOC solution to handle the security operations grunt work.

Leave a Reply

Your email address will not be published. Required fields are marked *