A new Golang stealer has been identified by the Trellix Advanced Research Center targeting Windows users globally, including across the US, Europe, and Southeast Asia, and the potential for damage is alarming.
Trellix details how the use of Golang in malware development is still reasonably rare compared to other popular programming languages, however the new malware which has been dubbed Skuld is one of the few that is written with Go.
What this means is that, because of its simplicity and cross-platform compatibility, the malware has the potential to target numerous operating systems.
Golang malware is after your data
To make matters worse, Golang malware is typically harder to reverse engineer, meaning that it can take security researchers longer to detect and react with new malware removal techniques.
According to Trellix, the malware’s developer, who has been nicknamed Deathined, is believed to have taken inspiration from numerous open-source projects and malware samples to build Skuld.
It works by searching for data stored in applications like Discord and web browsers, and Trellix also suggests that a cryptocurrency asset-stealing module could be in the works.
Since its outbreak in late April, the US has been the center for attacks, with some European countries like France, Germany, and Ukraine also seeing large numbers of attacks.
Victims will see a fake error message, which, in Trellix’s example, reads: “Error code: Windows_0x988958 Something gone wrong.” Clicking “Ok” then executes the different modules which go on to steal information from the victim.
Skuld then sends the information back to the attacker via Discord webhook or Gofile upload service
Concluding its findings, Trellix maintains that this novel type of malware poses new threats to individuals and businesses, and the rise of Golang presents new challenges for security researchers.