What is Arid Gopher? An Analysis of a New, Never-Before-Seen Malware Variant

From deepinstinct.com

Executive Summary
  • Deep Instinct’s Threat Research team has found a new, undocumented malware developed in Golang
  • The malware is attributed to APT-C-23 (Arid Viper)
  • Further research revealed additional, previously unseen second-stage payloads

New Malware Variant Discovery: Arid Gopher

Our Threat Research team maintains a vigilant watch over the cyber threat landscape, hunting for malware as a normal course of operations. The team recently encountered an executable file written in the Go programming language. The identified file was initially submitted to VirusTotal on December 29, 2021, and was detected by only six security vendors.

After initial inspection, two additional, similar files written in Go were found. While analyzing these files, the team identified a previously unseen variant of Arid Gopher malware; this new, unknown malware is a variant of the Micropsia malware, which is written and used exclusively by APT-C-23 (Arid Viper).
