26. June 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

A new Trojan written in the Go programming language has shifted its focus from government agencies to schools in the United States. 

The malware, named ChaChi, is also being used as a key component in launching ransomware attacks, according to a research team from BlackBerry Threat Research and Intelligence. ChaChi is written in Go (Golang), a programming language that threat actors have adopted as a replacement for C and C++ because of its flexibility and the ease of compiling code for multiple platforms. Over the last two years, there has been a 2,000 percent growth in Go-based malware strains, according to Intezer.

ChaChi was first spotted in the first half of 2020, and the original variant of the Remote Access Trojan (RAT) has been linked to cyberattacks against French local government bodies, as documented by CERT France in an Indicators of Compromise (IoC) report. A considerably more sophisticated variant has since emerged.

The most recent samples have been linked to attacks against significant US schools and educational institutions. Compared with ChaChi's first variant, which had inadequate obfuscation and limited capabilities, the malware can now conduct typical RAT operations such as backdoor creation and data exfiltration, as well as credential dumping via the Windows Local Security Authority Subsystem Service (LSASS), network enumeration, DNS tunneling, SOCKS proxy functionality, service creation, and lateral movement across networks.