4 ‘Exotic’ Programming Languages Popular With Malware Developers

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


When it comes to cybercrime, even malware developers need to brush up on certain programming languages to stay current.

Increasingly, malware authors are turning to four “exotic” programming languages—Go, DLang, Nim and Rust—to either give new life to older malware or as effective methods to hide their malicious code from security tools, all while avoiding analysis efforts by researchers. That’s according to a recent report published by BlackBerry’s Research & Intelligence division.

In many cases, malware developers are turning to these four languages to create new arrays of droppers and loaders that help form the first stage of an attack, according to BlackBerry.

Once these malicious tools have avoided detection and implant themselves within a network, the loader or dropper written in one of these languages can then retrieve second-stage malware, such as Remote Access Trojans (RATs) or malicious versions of legitimate tools such as Cobalt Strike, the report noted. All the while, this malware helps create a layer of obfuscation, making analysis of the attack more difficult.

“Each of these languages is relatively new and has little in the way of fully supported analysis tooling,” the researchers wrote. “As such, they can appear quite alien under the hood. It is because of their relative youth and obscurity that the languages themselves can have a similar effect to traditional obfuscation and be used to attempt to bypass conventional security measures and hinder analysis efforts.”

At the same time, cybercriminals and underground developers are eager to show off their skills. Building malware requires creativity, said Matthew Westfall, principal security consultant at tech firm nVisium.

“While commodity and weaponized malware have long dominated the threat landscape, an investigation into the world of non-commercial virus research shows there is still an active cohort of enthusiasts who are motivated by the thrill of implementation,” Westfall told Dice. “The challenge of ‘giving life’ to new languages and technologies through self-replicating code may be a more resilient force than strategic or financial gain, and it…

Source…