An IRC (Internet Relay Chat) bot written in GoLang has been used to launch distributed denial-of-service (DDoS) attacks in South Korea.
The attackers are using adult games as the lure, according to researchers from AhnLab. A RAT and DDoS malware were also used to launch the attacks:
“The malware is being distributed under the guise of adult games,” researchers from AhnLab’s Security Emergency-response Center (ASEC) said in a new report published on Wednesday. “Additionally, the DDoS malware was installed via downloader and UDP RAT was used.”
The attackers upload infected games as ZIP archives to webhards, which are remote file hosting services. When the victim opens a game, a malware payload runs alongside the actual game.
This payload is a GoLang-based downloader, which the attackers control through a command-and-control server to retrieve other malware. Unlike other downloaders, it is also a DDoS bot:
“It is also a type of DDoS Bot malware, but it uses IRC protocols to communicate with the C&C server,” the researchers detailed. “Unlike UDP Rat that only supported UDP Flooding attacks, it can also support attacks such as Slowloris, Goldeneye, and Hulk DDoS.”
The programming language GoLang is becoming a popular choice with attackers, the researchers noted, due to its low complexity and cross-platform support.
The malware is being distributed through various websites, mostly Korean webhards.
It is recommended that users avoid clicking on links that lead to infected websites.
“Caution is advised when approaching executables downloaded from a file-sharing website. It is recommend[ed] for the users to download products from the official websites of developers,” AhnLab said.