Go-based malware loader discovered
A cybersecurity company's research team has identified threat actors using a new Go-based malware downloader in two recent attacks. Arctic Wolf Labs calls it “CherryLoader”. The loader allows attackers to share exploits without recompiling the code. Its icon and name were disguised as the note-taking application CherryTree to deceive victims. In the attacks examined, CherryLoader was used to install PrintSpoofer or JuicyPotatoNG. Both are privilege escalation tools that run a batch file after installation, which allows the attackers to remain on the victim's device. The most important…