Malware Creators Use Exotic Programming Languages, Rewriting Their Malware Into New Languages

 


Developers of malicious programs are increasingly resorting to unusual or "exotic" programming languages to make it harder for information security experts to analyze their malware. Recently, there has been an increase in the use of Go (Golang), D (DLang), Nim and Rust, according to a report from BlackBerry Research & Intelligence. Hackers use these languages to avoid detection by information security experts or to solve certain problems in the software development process.


In particular, malware developers are experimenting with loaders and droppers written in exotic languages that are better suited for deploying malware in the first and subsequent stages of an attack chain.


First-stage loaders are becoming more common and help hackers avoid detection on a compromised system. After bypassing security solutions that can detect more common forms of malicious code, droppers are used to decode, download and install malware, including the Remcos and NanoCore remote access Trojans. Cobalt Strike beacons are also often used during attacks.


In addition, some developers with more resources at their disposal are completely rewriting their malware in new languages, for example from Buer to RustyBuer.


Based on current trends, cybersecurity researchers have noted the particular interest of cybercriminals in the Go language. For example, a new variant of an unnamed ransomware discovered this June by experts at CrowdStrike borrowed features from HelloKitty (aka DeathRansom) and FiveHands, but used a Go wrapper to encrypt its main payload.
