> "Based on the strings present in the PE file, it has been written in Go"
I find this kind of interesting. I've seen reports on other malware/virus stuff written in Go recently. I wonder if this is because the ability to cross compile with Go is pretty painless? Or is it because the language is fairly approachable but still allows you to dig a bit "deeper" if you need to?
Beyond assembly code and C, which are used for obvious reasons, malware authors often just use a language they are familiar with, like any other developer. Lots of malware has been written in Delphi, which has been popular in Eastern Europe, and even some in Visual Basic.
Maybe it’s a social reason and not a technical one… like, maybe Go is more popular in… some… country… and maybe that country happens to be overrepresented in… I mean, obviously not. Of course.
2. Technical users in China use a VPN to circumvent said block, while non-technical users switch to something else
3. Technical users search for programming language terms a lot
4. Thus the normalized ratio of (programming language search queries) / (total search queries) is a lot higher in China compared to other countries where Google isn't blocked
They are proposing that countries where it is very lucrative and popular to write spyware for money are also countries where golang is popular, thus making it a social reason as to why they are getting written in golang as opposed to any technical one like cross compilation.
The list of countries where spyware is written, intersected with golang popularity, is to me actually a rough one; measuring languages' regional popularity always seems fraught.
In addition to easy cross compiling, being able to easily link statically is another nice feature of Go. You get one executable that has everything it needs to run.
That's exactly why I chose it when I made a PoC ransomware. That and using a virtual file system that bundles all assets into the executable, having a decent stdlib, tons of well written libraries and being able to cross-compile with ease.