Malware developers rewrite malware in exotic languages


BlackBerry’s Research and Intelligence team published a new report on Monday, showing that Go (Golang), D (DLang), Nim and Rust are rising in popularity. The languages are enjoying an uptick because their characteristics make them better suited to evading security controls and to addressing specific pain points in the development process.

Malware developers are experimenting with droppers and loaders written in these languages, built for first-stage and further-stage malware deployment when launching attacks.

BlackBerry’s team says that first-stage droppers and loaders are becoming common, in an attempt to avoid detection and target endpoints.

The emerging trend in malware

Once these droppers and loaders have been sneaked past security controls that are designed to detect more types of malicious code, they are used to decode, load and deploy malware. The malware cited in the report includes Remote Access Trojans (RATs), NanoCore, and Remcos.

Cobalt Strike beacons are seeing more frequent use.

Some developers with more resources to spare are fully rewriting their malware in new languages. One example is the rewrite of Buer as RustyBuer.

Based on the trends, researchers are saying that Go is of particular interest to many cybercriminals.

This could get out of hand

BlackBerry further reports that state-sponsored advanced persistent threat (APT) groups and commodity malware developers are seriously interested in the upgrade that exotic languages offer to their tools.

CrowdStrike reported in June that a new ransomware variant copied features from HelloKitty/DeathRansom and FiveHands, but encrypted its main payload using Go. The team says that the assumption is based on the fact that new Go-based samples are now appearing more often.

DLang may not be as popular as Go, but it too is seeing a slow uptick in adoption this year. The researchers say that this may be an effort by the attackers to make reverse-engineering harder and avoid signature-based security protections, with more increases predicted.