> it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD<p>Doesn't seem that stealthy to me, checking `/proc/*/environ` is fairly standard. Or just typing "set".. or "env".. or calling "print(os.environ)" or calling "php_info()"... The linked article tells more about this malware, and it seems it has no countermeasures to such simple things.<p>And not to mention that all Go programs do not use dynamic linker, so any system tool written in Go will not be affected.