The Power of Go and the Threat of Ransomware: Meet eCh0raix
I love the Go language. In fact, I have dumped C++ for most of my executable code, and now just use Go. Overall it is a simple, yet powerful, language and which produces robust, fast and powerful code. If you want any kind of library, it just connects to GitHub, and downloads the code in a simple to use form. For cryptography, it is one of the best languages around, as produces robust code, and which integrates most of the modern standards (such as RSA and Elliptic Curve for public key and AES for symmetric key encryption).
The Go language, though, is now evolving as one of the greatest threats in the creation of malware. While scripted languages, such as Python and Node.js, are often easy to detect, Go programs can easily install themselves in an executable format (or integrated as a Trojan program).
With Go, an adversary can create a fully compiled program, and which has access to a wide range of networking and cryptography methods, along with the direct access to the host machine. In fact, almost everything that a malware writer needs is in Go.
Now, a new Go-based ransomware —eCh0raix — has been detected in the wild. It has been named eCh0raix as there is a string of this name in the source code. A strange feature of it is that there seems to be a unique hard-coded public key for each…