Malware Makers Using ‘Exotic’ Programming Languages
2021-07-26 15:00

Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found.

Malware makers might have a reputation for being slow to let go of whatever's working, but they're happy to pick up new programming languages for the same reasons as their law-abiding counterparts: It helps to rub out pain points in the development cycle, for one.

APT28, infamous for its alleged meddling in the 2016 presidential election via infiltration of the Democratic National Committee, is linked to a wide range of attacks and malware families, but the Zebrocy malware family in particular "notably uses multiple uncommon programming languages within its kill chain," according to the report.

Below is a timeline of how the four languages have increasingly cropped up, particularly Rust, Nim, and D. BlackBerry analysts noted that it's not an exhaustive list of the malware families that have been developed in these languages.

Malware developers are pepping up old malware written in traditional languages like C++ and C# with droppers and loaders written in exotic languages, according to the writeup.

"The languages investigated in this report have bindings which allow them to interface with the Win32 API and use these API calls. In essence, they can use an almost-identical methodology to that of more traditional languages such as C++. This is not always the case, as particular languages can use their own APIs in place of Win32 APIs. For example, they could use cryptographic libraries that would restrict the visibility of certain events. However, the use of these libraries within a binary can often be 'signaturized' too."


News URL

https://threatpost.com/malware-makers-using-exotic-programming-languages/168117/