According to a cybersecurity firm Intezer, an open-source programming language “Go/Golang” developed and launched by Google in 2007 is becoming the favorite language for malware authors at a very sharp rate.
Intezer claims that usage of Go programming language in malware spotted in wild has “increased by almost 2000% since 2017.” First Golang based malware was detected in 2012, and after TIOBE awarded Go as the “Programming Language of the Year” in 2016, it has brought to the attention of malware authors. Intezer also said that “Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence.”
The report also notes that Golang is used by both state-sponsored and non-state-sponsored threat actors, to often create penetration-testing toolkits.
According to ZDNet, the main reasons for rise in popularity of Golang in the malware ecosystem is its cross-platform compilation support which allows malware authors to target Windows, Mac, and Linux from a single codebase, and also as ZDNet notes that “Go-based binaries are hard to analyze and reverse engineer keeping Go-based malware detection rates low.”
Its networking stack is also a reason according to Intezer, “Go has a very well-written networking stack that is easy to work with. Go has become one of the programming languages for the cloud with many cloud-native applications written in it.”
From the reasons mentioned above, it looks like usage of Golang will continue to rise in the coming years along with C, C++, and Python as preferred languages for malware authors.