Hackers Pivot To Exotic Programming Languages To Carry Out Devastating Malware Attacks
If you want to be stealthy, perhaps not wearing a hot pink suit is a good choice. When it comes to cybersecurity, avoiding computer languages that people have come to know and recognize is a good idea as well. Threat actors have seemingly figured out the latter as some malware has now been built using “exotic” programming languages to better avoid security protections, analysis, and slow the reverse engineering process.
As Eric Milam, VP of Threat Research at BlackBerry, explains, “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies.” This includes adapting to “less prolific programming languages” such as Go, Rust, Nim, and DLang. Blackberry’s “Old Dogs New Tricks” report elaborates on this, stating that these new languages could be adopted for a variety of reasons like “simpler syntax, performance boosts or more efficient memory management.”
However, these languages could also add additional layers of obfuscation, hinder efforts for reverse engineering as fewer people understand the language, and circumvent signature-based detection. As such, the researchers concluded that “Programs written using the same malicious techniques but in a new language are not usually detected at the same rate as those written in a more mature language.”
On the other hand, researchers could have a greater chance of catching multi-language malware strains if dynamic or behavioral signatures were used, in which behavior of malware is tracked through sandbox output, EDR, or log data. In any event, hopefully, this research will shine a spotlight on the ways that the threat landscape is constantly evolving and shifting as right now, it’s a hacker’s game out there; but it is time for security researchers to turn the tables.