Malware authors are increasingly turning to unusual programming languages to hinder analysis efforts, according to BlackBerry researchers.
In particular, malware developers are experimenting with loaders and droppers written in languages such as Golang and DLang.
According to the team at BlackBerry, first-stage droppers and loaders are becoming more prevalent, as they can avoid detection on a target endpoint. These attacks then go on to use more typical types of malware, including Trojans.
The report also highlighted various types of malware that attackers use to gain unauthorized access to sensitive information. These include the RATs NanoCore and Remcos, as well as Cobalt Strike beacons.
Some developers are rewriting their malware in new languages; Buer, for example, has been rewritten as RustyBuer.
However, researchers say that Go is particularly popular with cybercriminals, among them advanced persistent threat groups (APTs), state-sponsored groups, and commodity malware developers.
In June, security firm CrowdStrike revealed a new ransomware variant that borrowed features from HelloKitty and FiveHands and used a Go packer.
“…New Go-based samples are now appearing on a semi-regular basis, including malware of all types, and targeting all major operating systems across multiple campaigns,” the CrowdStrike team said.
Go and DLang are not as popular, but they have experienced a slow uptick in usage throughout 2021.
Instead of using traditional programming languages, attackers turn to more unusual ones to hamper reverse-engineering efforts, hinder signature-based detection tools, and improve cross-compatibility.
Simply because the language is unusual, the code itself adds complexity without the malware developer needing to put in any further effort, researchers explained.
“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” commented Eric Milam, VP of Threat Research at BlackBerry. “This has multiple benefits from the development cycle and inherent lack of coverage from protective solutions. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”