Malware Makers Using ‘Exotic’ Programming Languages


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found.

Use of those four languages is escalating in the number of malware families being identified, according to a report published on Monday by BlackBerry Research and Intelligence Team. The team chose those four languages to examine, partly because they fit its detection methodologies, but also since the languages have strong community backing and could be considered more developed.

“These uncommon programming languages are no longer as rarely used as once thought,” according to the writeup. “Threat actors have begun to adopt them to rewrite known malware families or create tools for new malware sets.”

Specifically, researchers are tracking more loaders and droppers being written in rarer languages. “These new first-stage pieces of malware are designed to decode, load, and deploy commodity malware such as the Remcos and NanoCore Remote Access Trojans (RATs), as well as Cobalt Strike,” according to the report. “They have been commonly used to help threat actors evade detection on the endpoint.”