Hackers turning to 'exotic' languages for next-gen malware, report warns

Coding languages such as Go, Rust, Nim and DLang are allowing malware authors to avoid signature detection and add layers of obfuscation

Hackers are increasingly turning to relatively obscure programming languages when coding malware in a bid to avoid detection and pose greater challenges for the cyber security industry.

Security professionals are coming across greater numbers of malware strains that are being written in ‘exotic’ languages such as Go, Rust, Nim, and DLang, according to researchers with Blackberry. Operators are even adopting these languages to rewrite existing malware families and create tools for new malware sets.

It has been found that these coding languages typically thwart signature-based detection, while malware analysis tooling doesn’t always adequately support unconventional programming languages.

These languages themselves also serve as a layer of obfuscation, because each of them is relatively new and has little in the way of supported analysis tooling. However, these four languages identified in the report are each fairly developed and have a strong community backing.

“Programs written using the same malicious techniques but in a new language are not usually detected at the same rate as those written in a more mature language,” the report concluded. “This is the latest trend in threat actors moving the line just outside of the range of security software in a way that might not trigger defenses in later stages of the original campaign.”

“Malicious binaries written in languages like D, Rust, Go, or Nim currently comprise a small percentage of the languages being used by bad actors in the world today, but it is imperative that the security community stay proactive in defending against the malicious use of emerging technologies and techniques.”

Each language has its own benefits and drawbacks in different scenarios, the researchers also explained. Nim, for example, can be compiled into several languages such as C, C++, and even JavaScript. DLang has many syntax improvements over C, as well as being fully interoperable with, and syntactically similar to, C.

Rust is known for having a very low overhead, and is efficient where performance is concerned, while Go is widely touted as C for the 21st century, according to the paper.

Related Resource

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Five essentials from your endpoint security partner - title against a background of blue circles - whitepaper from MalwarebytesDownload now

Although C-language malware is still the most widespread, malware operators, including major groups such as Fancy Bear and Cozy Bear, are using unconventional languages in their malware sets more often than other groups.

Often enough, entire C-language malware families don’t actually need to be rewritten from scratch, with these groups simply writing loaders, droppers, and wrappers in exotic languages instead. This means they can effectively embed their payloads in harder-to-detect shells that are newly written in order to avoid signature-based detection.

There is a litany of cases cited in the report where such groups have adopted elements written in obscure languages to disguise their attacks. In 2018, for example, Cozy Bear was seen targeting Windows and Linux machines with WellMess, a remote access trojan (RAT) written in Go and .NET.

Fancy Bear was also discovered in 2018 using a Go-based Trojan identified as a rewritten version of the original Zebrocy malware. The following year, the group was seen using a Nim downloader alongside the Go backdoor in the same campaign targeting embassies and ministries of foreign affairs in Eastern Europe and Central Asia.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021