top | item 38724307

(no title)

I know there are other options, but here's the relevance:

"Go, also known as Golang, is recognized for its simplicity, efficiency, and cross-platform capabilities. Its ease of use has made it an attractive choice for malware authors seeking to create versatile and sophisticated threats."

They also mention it's a "growing trend in malware development"

discuss

jerf|2 years ago

It's been an issue for several years. It has its own entry on the official Go FAQ: https://go.dev/doc/faq#virus

Since Go binaries internally look different than "normal" binaries you see on Windows, it's really easy for the anti-virus systems to write signatures that basically trigger on all Go binaries. It's one of the bigger annoyances with Windows Go development; you often need to exclude your build directories from your virus scanner.

The only real disadvantage it has for malware development is that all else being equal, smaller malware is better than larger malware that does the same thing, and Go binaries are not small. But if you have a case where you don't care about that, all the same features that make it desirable to "real" programmers are useful for malware programmers too.

trealira|2 years ago

Just from hearing this, I was about to say "you could say this about Rust as well, so why hasn't Rust also become more popular for writing malware?" But apparently it has.

https://socradar.io/why-ransomware-groups-switch-to-rust-pro...

https://www.bleepingcomputer.com/news/security/new-rust-base...

Cthulhu_|2 years ago

How relevant is it being cross-platform given that a lot of malware exploits OS specific weaknesses? Although I suppose there's no reason to have a core malware with multiple exploits for multiple OSes.

FinalDestiny|2 years ago

Maybe it's useful for some of the shared logic outside of the exploit (like detecting if copied text is a wallet address)