Because of this great combination it has become very popular with threat actors. Beginning in 2019 the threat landscape saw several RATs (Remote Access Trojans) written in Golang. This preference also spilled over into cryptominers, ransomware, backdoors, botnets, and other malware. It has been identified in Nation-State backed attacks as well as ones from criminal groups and individual attackers.
The increase in malware written in Go was around 2000% in 2020 and it has been going up since.
The sophistication of some of the tools and malware that have been identified are impressive. In one recent attack on the National Chinese Games a Golang written tool was discovered that allowed for one-click exploitation of an environment it was deployed in. The flexible nature of Golang cannot be understated here. Because it is relatively simple to build tools and malware for multiple platforms and CPU architectures it makes it ideal for this type of work.
Threat actors now have a great coding resource to use in targeting IoT devices as well as your common endpoint processors. As we see more and more attacks at the hardware level and aimed at cloud resources, we are likely to see an increase in the use of Go for the tools and malware leveraged in these attacks. The simple and efficient language created by the Developers at Google in 2007 has had an unexpected consequence in making things easier for threat groups as well.
Now this does not really change defensive responses all that much as these binaries are still detectable by anti-malware solutions (especially math based ones), but it does indicated that the development time for new and/or updated malware strains and families may be significantly reduced as it becomes easier to develop them through Golang. This, in turn, means that while the tools used to defend and respond will not change much, the time to remediation needs to be much shorter to compensate for the reduced development time.