by FinalDestiny 913 days ago
I know there are other options, but here's the relevance:

"Go, also known as Golang, is recognized for its simplicity, efficiency, and cross-platform capabilities. Its ease of use has made it an attractive choice for malware authors seeking to create versatile and sophisticated threats."

They also mention it's a "growing trend in malware development".

3 comments

It's been an issue for several years. It has its own entry on the official Go FAQ: https://go.dev/doc/faq#virus

Since Go binaries internally look different than "normal" binaries you see on Windows, it's really easy for the anti-virus systems to write signatures that basically trigger on all Go binaries. It's one of the bigger annoyances with Windows Go development; you often need to exclude your build directories from your virus scanner.

The only real disadvantage it has for malware development is that all else being equal, smaller malware is better than larger malware that does the same thing, and Go binaries are not small. But if you have a case where you don't care about that, all the same features that make it desirable to "real" programmers are useful for malware programmers too.

Just from hearing this, I was about to say "you could say this about Rust as well, so why hasn't Rust also become more popular for writing malware?" But apparently it has.

https://socradar.io/why-ransomware-groups-switch-to-rust-pro...

https://www.bleepingcomputer.com/news/security/new-rust-base...

How relevant is it being cross-platform given that a lot of malware exploits OS-specific weaknesses? Although I suppose there's no reason to have a core malware with multiple exploits for multiple OSes.

Maybe it's useful for some of the shared logic outside of the exploit (like detecting if copied text is a wallet address).

There are usually cryptography libraries in multiple languages if the exploiter is trying to be really fancy, or as simple as a string prefix search for common blockchain wallet address prefixes if the malware writer wants to be a bit lazier and save some time. So I tend to agree with the other user, this could have been done in just about any language (if not any language), so calling out Go just seems like a pointless finger-pointing at Go.