Malware Creators Are Using “Exotic” Programming Languages


30th July 2021, Kathmandu

Threat actors are increasingly turning to “exotic” programming languages, such as Go, Rust, Nim, and Dlang, which can better circumvent traditional security protections, evade analysis, and hamper reverse engineering efforts.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of new technologies,” said Eric Milam, vice president of threat research at BlackBerry. “This strategy has multiple development cycle benefits and the inherent lack of protection product coverage.” Malware makers may be known for being slow to give up whatever works. Still, they are happy to adopt a new programming language for the same reasons as their law-abiding counterparts: it helps eliminate weak spots in the development cycle, for example. Furthermore, from the malware author's perspective, a new language puts their creation one, two, or three steps ahead of protection tools.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of new technologies,” wrote Eric Milam, vice president of threat research. “This reaps multiple benefits from the lack of coverage inherent in the development cycle and protection solutions.”

On the one hand, languages like Rust are more secure because they provide guarantees such as memory-safe programming. On the other hand, this can be a double-edged sword when malware engineers abuse the same features designed to provide more protection to their own advantage, which makes the malware less vulnerable to exploitation and thwarts attempts to activate a kill switch and render it powerless.

The Stack Overflow team noted that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled. The researchers said that the pivot adds a layer of obfuscation simply because the languages are relatively new. As a result, malware developed in traditional languages such as C++ and C# is being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems.

Earlier this year, the enterprise security company Proofpoint discovered new malware written in Nim (NimzaLoader) and Rust (RustyBuer), allegedly used to distribute and deploy Cobalt Strike and ransomware through social engineering campaigns. Similarly, CrowdStrike observed a ransomware sample last month that borrowed implementations from early variants of HelloKitty and FiveHands while using a Golang wrapper to encrypt its main C++-based payload.

Examples written in Rust include Convuster Adware and the TeleBots downloader. BlackBerry researchers concluded that the same malicious technique written in a new language is usually not detected at the same rate as one written in a more mature language.

“Chargers, droppers, and wrappers […] in many cases are just changing the first stage of the infection process rather than changing the core components of the movement. This is the latest threat actor moving the route outside of the security software that may not be activated in the later stages of the original campaign.”

