DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms


An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea.

“The malware is being distributed under the guise of adult games,” researchers from AhnLab’s Security Emergency-response Center (ASEC) said in a new report published on Wednesday. “Additionally, the DDoS malware was installed via downloader and UDP RAT was used.”

The attack involves uploading malware-laced software to webhards, a term that refers to either a web drive or a remote file hosting server. The software is packaged as compressed ZIP archives containing an executable (“Game_Open.exe”) that the user opens to launch the game.


This payload, a GoLang-based downloader, establishes connections with a remote command-and-control (C&C) server to retrieve additional malware, including an IRC bot that can perform DDoS attacks.


“It is also a type of DDoS Bot malware, but it uses IRC protocols to communicate with the C&C server,” the researchers detailed. “Unlike UDP Rat that only supported UDP Flooding attacks, it can also support attacks such as Slowloris, Goldeneye, and Hulk DDoS.”

GoLang’s low development difficulty and its cross-platform support have made the programming language a popular choice for threat actors, the researchers added.

“The malware is being distributed actively via file sharing websites such as Korean webhards,” AhnLab said. “It is important to be cautious when downloading executables from file-sharing websites. Users are advised to only download products from official developers’ websites.”

David
Hackarizona