Malware Authors Resort to 'Exotic' Programming Languages to Outsmart Security Researchers and Their Tools

Authors of malware are increasingly resorting to unusual programming languages to prevent analysis efforts, according to BlackBerry researchers.

According to a new report by BlackBerry’s Research & Intelligence team, the use of languages such as Golang, Dlang, Nim, and Rust has spiked as malware authors try to evade the security community’s detection, “or address specific pain-points in their development process.”

In particular, malware developers are experimenting with loaders and droppers written in languages such as Golang and Dlang.

According to the team at BlackBerry, first-stage droppers and loaders are becoming more prevalent, as they can avoid detection on a target endpoint. These attacks then use more typical types of malware, including Trojans.

The report also highlighted various types of malware that attackers use to gain unauthorized access to sensitive information. These include the remote access trojans (RATs) NanoCore and Remcos, as well as Cobalt Strike beacons.

Some developers are rewriting their malware in new languages, as with Buer, which was rewritten as RustyBuer.

However, researchers say that Go is particularly popular with cybercriminals, among them advanced persistent threat groups (APTs), state-sponsored groups, and commodity malware developers.

In June, security firm CrowdStrike revealed a new ransomware variant that borrowed features from HelloKitty and FiveHands and used a Go packer.

“…New Go-based samples are now appearing on a semi-regular basis, including malware of all types, and targeting all major operating systems across multiple campaigns,” the CrowdStrike team said.

Go and DLang are not as popular, but they have experienced a slow uptick in usage throughout 2021.

Instead of using traditional programming languages, attackers resort to using more unusual ones to prevent reverse-engineering efforts, hamper signature-based detection tools, and improve cross-compatibility.

Simply because the language is unusual, the code itself adds complexity for analysts, with no extra effort needed from the malware developer, researchers explained.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” commented Eric Milam, VP of Threat Research at BlackBerry. “This has multiple benefits from the development cycle and inherent lack of coverage from protective solutions. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”

About the author

CIM Team
