Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

New Golang malware capable of cross-platform backdoor attacks spotted in the wild

Magnifying glass enlarging the word 'malware' in computer machine code.

Cybersecurity researchers from Trend Micro have recently spotted a never-before-seen backdoor malware being used to target a Chinese trading company.

The malware is called KTLVdoor, and since it’s written Golang, it can be used against both Windows and Linux-powered endpoints. It is designed to tamper with files, run code, and more: "KTLVdoor is a highly obfuscated malware that masquerades as different system utilities, allowing attackers to carry out a variety of tasks including file manipulation, command execution, and remote port scanning," Trend Micro researchers said in a security advisory published earlier this week.

The researchers also said that the tool masquerades as sshd, Java, SQLite, bash, edr-agent, and more.

Earth Lusca Golang malware

It was built by a Chinese threat actor called Earth Lusca. Apparently, the group distributes the malware either as a .DLL file, or as a .SO (shared object). However, the researchers are still pretty much in the dark when it comes to distribution: "This new tool is used by Earth Lusca, but it might also be shared with other Chinese-speaking threat actors," the researchers said. "Seeing that all C&C servers were on IP addresses from China-based provider Alibaba, we wonder if the whole appearance of this new malware and the C&C server could not be some early stage of testing new tooling."

Speaking of C2 servers, Trend Micro found more than 50 of them, all hosted on Alibaba. This led them to speculate that multiple groups could be sharing the same infrastructure.

Earth Lusca is a sophisticated cyber threat actor group, believed to be linked to advanced persistent threats (APTs) with a focus on espionage and intelligence gathering. The group, whose first reported activity dates back to 2021, is known for targeting a wide range of sectors, including government agencies, healthcare, telecommunications, and education, primarily in Southeast Asia.

Via The Hacker News

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.