They are focused on exploiting pain points in code analysis and reverse-engineering.
Malware developers are increasingly turning to unusual or “exotic” programming languages to hamper analysis efforts, researchers say.
According to a new report published by BlackBerry’s Research & Intelligence team on Monday, there has been a recent “escalation” in the use of Go (Golang), D (DLang), Nim, and Rust, which are being used more commonly to “try to evade detection by the security community, or address specific pain-points in their development process.”
In particular, malware developers are experimenting with loaders and droppers written in these languages, created to be suitable for first- and further-stage malware deployment in an attack chain.
BlackBerry’s team says that first-stage droppers and loaders are becoming more common as a way to avoid detection on a target endpoint. Once the malware has circumvented existing security controls able to detect more typical forms of malicious code, the droppers and loaders are used to decode, load, and deploy malware, including Trojans.
Commodity malware cited in the report includes the Remote Access Trojans (RATs) Remcos and NanoCore. In addition, Cobalt Strike beacons are often deployed.
Some developers with more resources at their disposal, however, are rewriting their malware fully in new languages, one example being the rewrite of Buer as RustyBuer.
Based on current trends, the cybersecurity researchers say that Go is of particular interest to the cybercriminal community.