Malware Creators Are Using “Exotic” Programming Languages


30th July 2021, Kathmandu

Threat actors are increasingly turning to “exotic” programming languages, such as Go, Rust, Nim, and Dlang, which can better circumvent traditional security protections, evade analysis, and hamper reverse engineering efforts.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of new technologies,” said Eric Milam, vice president of threat research at BlackBerry. “This strategy has multiple development cycle benefits and the inherent lack of protection product coverage.” Malware authors may be known for being slow to abandon what already works. Still, they are happy to adopt a new programming language for the same reasons as their law-abiding counterparts: it helps eliminate weak spots in the development cycle, for example. Furthermore, from the malware author's perspective, a new language puts their creations one step, or two or three, ahead of protection tools.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of new technologies,” wrote Eric Milam, vice president of threat research. “This reaps multiple benefits from the lack of coverage inherent in the development cycle and protection solutions.”

On the one hand, languages like Rust are more secure because they provide guarantees such as memory-safe programming. On the other hand, this can be a double-edged sword when malware engineers abuse the same features designed to provide more protection to their own advantage, making the malware less vulnerable to exploitation and thwarting attempts to activate a kill switch that would render it powerless.

The Stack Overflow team noted that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled. The researchers said the pivot adds a layer of obfuscation simply because the languages are relatively new. As a result, malware developed in traditional languages such as C++ and C# is being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems.

Earlier this year, the enterprise security company Proofpoint discovered new malware written in Nim (NimzaLoader) and Rust (RustyBuer), allegedly used to distribute and deploy Cobalt Strike and ransomware through social engineering campaigns. Similarly, CrowdStrike observed a ransomware sample last month that borrowed implementations from early variants of HelloKitty and FiveHands while using a Golang wrapper to encrypt its main C++-based payload.

Rust: Convuster adware, the TeleBots downloader.

BlackBerry researchers concluded that the same malicious techniques written in a new language are usually not detected at the same rate as those written in a more mature language.

“Chargers, droppers, and wrappers […] in many cases are just changing the first stage of the infection process rather than changing the core components of the movement. This is the latest threat actor moving the route outside of the security software that may not be activated in the later stages of the original campaign.”

