Malware Writers Leverage Google Go

Symantec researchers report that the new Trojan.Encriyoko uses components written in Google's Go programming language.

"Symantec acquired a sample of the new threat, a file named GalaxyNxRoot.exe that is meant to masquerade as a program for rooting Samsung Galaxy smartphones and tablets -- the process that liberates Android devices from Google OS controls," Infosecurity reports. "It’s a popular practice for those looking to customize the user interface or add third-party apps not approved by Google Play. But Symantec found that the file is actually a dropper written in .NET which disguises itself as a rooting tool to trick users into installing it."

"Once installed on a Microsoft Windows PC, the Trojan attempts to use the Blowfish algorithm to encrypt all files matching various criteria including particular document types and a range of file sizes," writes The Register's John Leyden. "The key used to encrypt the data is either pulled from a particular file on the D: drive or is randomly generated. This renders the data useless to its owner if the cipher cannot be recovered."

"Restoration of the encrypted files will be difficult, if not impossible," writes Symantec's Flora Liu.

"Go is a relatively young language, introduced in 2009 by Google as an alternative to classic systems languages like C, C++ or Java," The H Open reports. "The dynamically typed language's syntax is strongly based on C and is known for supporting concurrency as a feature native to the language. It is possible the malware authors were using the language, which has yet to enter the mainstream, because malware researchers were unlikely to be familiar with it and the code generated by its compiler."