Hackers use Golang source code interpreter to evade detection (Security News, January 2023)
A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia.
What makes the campaign stand out is the use of Golang source code interpretation to execute code from Go scripts embedded in the malware binaries.
This Go script is used to open a reverse shell so that the threat actors can connect to it with Meterpreter for remote code execution.
This malware uses the Yaegi framework to interpret the embedded, base64-encoded source code stored within the compiled binary during runtime.
This lets the code run without being compiled first, which evades static analysis.
It is a rather complex but effective technique for hindering static analysis, because most security software evaluates the behavior of compiled code rather than source code.
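As an added example (not code from the article or from the DragonSpark samples), the following triage heuristic looks for the two indicators the article describes: the Yaegi interpreter linked into a Go binary, and a base64-encoded blob that decodes to Go source. The marker strings, thresholds and the sample "binary" are constructed assumptions for illustration.

```python
import base64
import binascii
import re

# Import paths of the interpreter survive as plain strings in a compiled Go binary
# (assumed indicator; a stripped or obfuscated build may not contain them).
YAEGI_MARKERS = [b"github.com/traefik/yaegi/interp", b"github.com/traefik/yaegi/stdlib"]

# Tokens that distinguish decoded Go source from arbitrary binary data.
GO_SOURCE_MARKERS = [b"package main", b"func main(", b"import "]

# Candidate base64 runs; the 64-char minimum skips short symbol names.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def find_embedded_go_source(data: bytes) -> list:
    """Return every base64 run in `data` whose decoding looks like Go source."""
    found = []
    for match in _B64_RUN.finditer(data):
        try:
            decoded = base64.b64decode(match.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (bad length or padding); skip the run
        if sum(1 for token in GO_SOURCE_MARKERS if token in decoded) >= 2:
            found.append(decoded)
    return found


def triage(data: bytes) -> dict:
    """Summarise both indicators for one binary image."""
    return {
        "yaegi_linked": any(marker in data for marker in YAEGI_MARKERS),
        "embedded_go_sources": find_embedded_go_source(data),
    }


# Constructed sample: a benign Go program embedded the way the article describes,
# surrounded by filler bytes and a Yaegi import path, standing in for a real binary.
SAMPLE_GO = b'package main\n\nimport "fmt"\n\nfunc main() {\n\tfmt.Println("interpreted at runtime")\n}\n'
SAMPLE_BINARY = (
    b"\x7fELF" + b"\x00" * 16
    + b"github.com/traefik/yaegi/interp" + b"\x00" * 8
    + base64.b64encode(SAMPLE_GO) + b"\x00" * 8
)

if __name__ == "__main__":
    result = triage(SAMPLE_BINARY)
    print("yaegi linked:", result["yaegi_linked"])
    for src in result["embedded_go_sources"]:
        print("embedded Go source:\n" + src.decode())
```

Both checks are heuristics: the import strings can be stripped or renamed, and the embedded source may be encrypted rather than base64-encoded, so a miss does not clear a sample.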