There's usually cryptography libraries in multiple languages if the exploiter is trying to be really fancy, or as simple as a string prefix search for common blockchain wallet address prefixes if the malware writer wants to be a bit lazier and save some time. So I tend to agree with the other user, this could have been done in just about any language (if not any language) so calling out Go just seems like a pointless finger-pointing at Go.
