The Trend of Golang in Cyber Security

The Trend of Golang in Cyber Security

  • Mohinee Singh
  • 0 Comment
  • June 1, 2021

Brief History of the Go Language

Golang, an open-source programming language created by Google in 2009, continues to be a go-to language for malware authors. Although the language is about 10 years old, given the features it offers, the malware development community has been making use of it in recent times and the rate of use has been steadily on the rise.

It has been reported the number of malware strains coded in the Go programming language has seen a sharp increase of around 2,000% over the last few years since 2017.

Advantages of GoLang over Python:

  1. Python, which has been around since 1991, gained prominence only in the last five years mainly due to the ease at which the language can be used. However, the simplicity of the language may be challenged by other programming languages such as Google’s Go or GoLang.
  2. Utilizing rare code such as Go, is an attractive and lucrative tactic due to the much higher potential success rate the techniques can provide. Currently, Golang produce’s a much lower detection rate against security software when compared with popular malware code languages such as C & Python, C++.
  3. The multi-variate language enables a single codebase to be compiled into all major operating systems such as Linux, Windows, and Mac.
  4. Many developers claim that GoLang is much easier and simpler than Python in many respects. While GoLang is a compiled language, it can be compiled into a single binary. It is capable of statically linking its dependency libraries into a single binary file. Thus, instead of downloading dependencies on the server, the simple task of uploading a compiled file will enable the app to function.
  5. Moreover, GoLang stores a myriad of tools which means the task of searching for third-party libraries in eliminated.

Recent cases of Golang:


SUNSHUTTLE is written in GO and reads an embedded or local configuration file, communicates with a hard-coded command and control (C2) server over HTTPS and supports commands including remotely uploading its configuration, file upload and download, and arbitrary command execution. Notably, SUNSHUTTLE uses cookie headers to pass values to the C2, and if configured, can select referrers from a list of popular website URLs to help such network traffic “blend in.”

WellMess Malware:

This Go malware comes in 32-bit and 64-bit variants as both ELF and PE files, allowing the threat actor to develop the malware once and deploy it to many different architectures. The malware builds a pipe-separated user parameters string based on the victim machine’s computer name, user domain, user name, and several hardcoded values in the malware, and stores it for use throughout the malware’s execution.


According to GitHub 2.0, Python and Go were identified among the top five languages of 2019. In July 2019, researchers confirmed nearly 10,700 samples of malware that were written in GoLang. Google-created language is gaining popularity and prominence among hackers and the malware development community and may overtake the use of Python.


Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Tuned With Us

Subscribe now and receive weekly newsletter with educational materials, , interesting posts,
upcoming free events, popular books and much more!