Threat Watch

ChaChi: a new GoLang Trojan used in attacks against US schools

A new Trojan written in the Go programming language has pivoted from attacks against government agencies to US schools. The research team from BlackBerry Threat Research and Intelligence said on Wednesday that the malware, dubbed ChaChi, is also being used as a key component in launching ransomware attacks. According to Intezer, there has been roughly a 2,000% increase in Go-based malware samples over the past few years. “As this is such a new phenomenon, many core tools to the analysis process are still catching up,” BlackBerry noted. “This can make Go a more challenging language to analyze.”

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Go malware is not only harder to analyze with the current state of analysis tools, but can also be harder for ML based antivirus like BlackBerry’s product Cylance Protect to detect. The best practices for defending against ransomware are to have employees well trained to spot and report phishing emails, use an enterprise email filtering solution, keep up to date with patches of security vulnerabilities in software, use EDR and implement behavioral detections that could detect the first stage of the attack before ransomware is deployed. To prepare for mitigation and recovery, it is important to maintain proper backups, keeping three copies of backup data with two on separate media devices and one off-site, and have a robust incident response plan to help get your organization back up and running quickly if a ransomware attack happens despite these measures.

 

https://www.zdnet.com/article/chachi-golang-a-new-go-trojan-focuses-on-attacking-us-schools/

 

 

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support