Malware on the Go

Friday 6 October 14:30 - 15:00, Small talks

Angel Villegas (Cisco Systems)

Go provides a fast compilation environment to create native platform binaries without the need to understand and handle some programming paradigms associated with lower languages like C. This provides an easier entry for malware authors to create malicious binaries that will work for different operating systems. The popularity and adoption rate of the language will make it an enticing vehicle for malware development.

How is Golang used in malware? Are malware authors writing malware in Go? Using it as a dropper? Trojan? RAT?

This talk will cover:

  • A study of Go in malware
  • A couple of malware families/samples leveraging Go
  • Challenges Go executables present for analysts
  • How to overcome some of the challenges

 (Note: this is a reserve paper for VB2017. Unless needed to replace another paper on the main programme, it will be presented in the Small Talks room at 14:30 on Friday 6 October. Programme changes will be announced at the event and displayed on the VB2017 programme page.) 



Angel M. Villegas

Angel M. Villegas is a malware reseacher for Cisco Talos. Amongst Angel's notable achievements, he is the author of FIRST - the Function Identification & Recovery Signature Tool, which allows infosec analysts and reverse engineers to perform collective malware analysis. Angel is also the creator of the Villegas Diet - a revolutionary new way to consume the tears of malware authors for sustenance.

Angel's hobbies include hot air balloon surfing, lion fish taming, and Sumarian freestyle rapping.






Other VB2017 papers

The state of cybersecurity in Africa: Kenya

Tyrus Kamau (Euclid Consultancy)

The cyber threats Kenya faces range from basic hacking such as website defacements, financial fraud, social media account…

Mariachis and jackpotting: ATM malware from Latin America

Thiago Marques (Kaspersky Lab)

Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.