Hackers are using exotic programming languages to sidestep security filters
Researchers suggest use of Nim, Rust, Go and more also prevents proper analysis of attacks
Malware authors are increasingly using rarely spotted programming languages in order to circumvent detection, according to cybersecurity researchers.
The BlackBerry Research and Intelligence Team substantiates this claim in a detailed report that analyzes the increase in threat actors' use of four languages: Go, Rust, Nim and DLang.
“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies. This has multiple benefits from the development cycle and inherent lack of coverage from protective products,” wrote Eric Milam, VP of Threat Research at BlackBerry, introducing the research.
The researchers say they selected these four languages for analysis not just because they are compatible with their detection methodologies, but also for their maturity level.
On their toes
Using the example of BazarLoader being rewritten in Nim, the researchers argue that when malware is authored in a new language, it has a greater chance of evading signature-based detections, which are tuned to identify its previous iteration.
The defenders will then have to create new signatures to detect these variants, either manually using human malware researchers or by using artificial intelligence (AI).
No surprise then that the researchers are tracking more loaders and droppers being written in rare languages, since it’s their job to bypass security measures before the real damaging malware can be deployed.
The researchers also believe that using more uncommon programming languages lets malware authors use the language itself as a layer of obfuscation, which not only helps bypass conventional security measures but also hinders analysis efforts.
“Although wrappers and loaders are more cost-effective, some well-resourced threat actors are beginning to rewrite their existing malware using exotic languages,” note the researchers in their detailed analysis.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.