DragonSpark threat actor avoids detection using Golang source code interpretation
malware
Researchers from SentinelOne have identified a Chinese-speaking threat actor that is targeting organizations in East Asia with Golang malware designed to evade detection.
The attackers, tracked as DragonSpark, employed the open source tool SparkRAT along with Golang malware that implements an uncommon evasion technique: it interprets embedded Golang source code at runtime, which hinders static analysis and helps it evade detection by static analysis mechanisms.
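A defender can still look for the embedded source itself, as in the triage heuristic below. It is an added example, not code from SentinelOne or the original article. It assumes the source is stored either as plain text or as standard base64; the function names, marker patterns and sample data are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
)

// Heuristic markers of Go source text (assumed indicators, not vendor signatures).
var (
	pkgClause = regexp.MustCompile(`(?m)^package\s+\w+\s*$`)
	funcDecl  = regexp.MustCompile(`(?m)^func\s+(\(\w+\s+\*?\w+\)\s+)?\w+\(`)
	b64Run    = regexp.MustCompile(`[A-Za-z0-9+/]{64,}`)
)

// Constructed sample standing in for source embedded in a binary.
const sampleSrc = "package main\n\nimport \"fmt\"\n\nfunc main() {\n\tfmt.Println(\"constructed sample\")\n}\n"

// looksLikeGoSource requires both a package clause and a func declaration.
func looksLikeGoSource(b []byte) bool {
	return pkgClause.Match(b) && funcDecl.Match(b)
}

// FindEmbeddedGoSource returns one entry per finding: "plaintext" or "base64".
func FindEmbeddedGoSource(data []byte) []string {
	var hits []string
	if looksLikeGoSource(data) {
		hits = append(hits, "plaintext")
	}
	for _, run := range b64Run.FindAll(data, -1) {
		// Neighbouring alphanumeric bytes can shift the 4-character alignment,
		// so try every offset and stop at the first decode that looks like source.
		for off := 0; off < 4; off++ {
			s := run[off:]
			s = s[:len(s)/4*4] // drop a trailing partial group
			dec, err := base64.StdEncoding.DecodeString(string(s))
			if err == nil && looksLikeGoSource(dec) {
				hits = append(hits, "base64")
				break
			}
		}
	}
	return hits
}

func main() {
	// Constructed blob: fake header bytes followed by base64-encoded source.
	blob := []byte("\x7fELF\x00hdr" + base64.StdEncoding.EncodeToString([]byte(sampleSrc)) + "\x00")
	fmt.Println(FindEmbeddedGoSource(blob))
}
```

A hit is a reason to extract and review the decoded text, not a verdict: legitimate Go programs can also carry source-like strings such as templates or code generators.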
Source: securityaffairs.com