Hackers Turning to 'Exotic' Programming Languages for Malware Development

Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts.
On the one hand, languages like Rust are more secure as they offer guarantees like memory-safe programming, but they can also be a double-edged sword when malware engineers abuse the same features designed to offer increased safeguards to their advantage, thereby making malware less susceptible to exploitation and thwarting attempts to activate a kill-switch and render it powerless.
Noting that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled, the researchers said the pivot adds additional layers of obfuscation, simply by virtue of the languages being relatively new, leading to a scenario where older malware developed using traditional languages like C++ and C# is being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems.
Earlier this year, enterprise security firm Proofpoint discovered new malware written in Nim and Rust that it said were being used in active campaigns to distribute and deploy Cobalt Strike and ransomware strains via social engineering campaigns.
In a similar vein, CrowdStrike last month observed a ransomware sample that borrowed implementations from previous HelloKitty and FiveHands variants, while using a Golang packer to encrypt its main C++-based payload. BlackBerry's latest findings show that these artifacts are part of an uptick in threat actors adopting Dlang, Go, Nim, and Rust to rewrite existing families or create tools for new malware sets over the past decade.
"Programs written using the same malicious techniques but in a new language are not usually detected at the same rate as those written in a more mature language," BlackBerry researchers concluded.