Malware Creators Are Using “Exotic” Programming Languages

30th July 2021, Kathmandu

Threat actors are increasingly turning to “exotic” programming languages, such as Go, Rust, Nim, and Dlang, which can better circumvent traditional security protections, evade analysis, and hamper reverse engineering efforts.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of new technologies,” said Eric Milam, vice president of threat research at BlackBerry. “This strategy has multiple development cycle benefits and the inherent lack of protection product coverage.” Malware makers may have a reputation for being slow to give up what already works, but they are happy to adopt a new programming language for the same reasons as their law-abiding counterparts: it helps eliminate weak spots in the development cycle, for example. Furthermore, from the malware author's perspective, a new language puts their creations one step ahead of protection tools, or two or three steps.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of new technologies,” wrote Eric Milam, vice president of threat research. “This reaps multiple benefits from the lack of coverage inherent in the development cycle and protection solutions.”

On the one hand, languages like Rust are more secure because they provide guarantees such as memory-safe programming. On the other hand, they can be a double-edged sword when malware engineers abuse the same features designed to provide more protection to their own advantage, which makes the malware less vulnerable to exploitation and thwarts attempts to activate a kill switch and render it powerless.

The Stack Overflow team noted that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled. The researchers said the pivot adds a layer of obfuscation simply because the languages are relatively new, leading to a situation in which malware developed in traditional languages such as C++ and C# is being actively retooled with droppers and loaders written in unusual alternatives to evade detection by endpoint security systems.

Earlier this year, the enterprise security company Proofpoint discovered new malware written in Nim (NimzaLoader) and Rust (RustyBuer), allegedly used to distribute and deploy Cobalt Strike and ransomware through social engineering campaigns. Similarly, CrowdStrike observed a ransomware sample last month that borrowed implementations from early variants of HelloKitty and FiveHands while using a Golang wrapper to encrypt its main C++-based payload.

Rust examples include the Convuster adware and the TeleBots downloader.

BlackBerry researchers concluded that the same malicious technique written in a new language is usually not detected at the same speed as one written in a more mature language.

“Chargers, droppers, and wrappers […] in many cases are just changing the first stage of the infection process rather than changing the core components of the movement. This is the latest threat actor moving the route outside of the security software that may not be activated in the later stages of the original campaign.”

