Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
2020-11-24 15:57

Researchers have discovered a new backdoor written in the Go programming language, which turned their heads due to its heavy level of obfuscation.

The backdoor, called Blackrota, was first discovered in a honeypot owned by researchers, where it was attempting to exploit an unauthorized-access vulnerability in the Docker Remote API. What sets the backdoor apart is its use of extensive anti-detection techniques, which make the malware extremely difficult to analyze - something that researchers said is not commonly seen with Golang-based malware.

The Blackrota backdoor is currently only available for Linux, in the Executable and Linkable Format (ELF) file format, and supports both x86 and x86-64 CPU architectures, said researchers.

Upon further investigation, researchers found that Blackrota is configured based on what they called a "Geacon."

"The obfuscation method of Blackrota and EKANS creates new challenges for reverse analysis," said researchers.


News URL

https://threatpost.com/blackrota-golang-backdoor-obfuscation/161544/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Golang 13 1 36 91 16 144