Hackers are using exotic programming languages to sidestep security filters

News
By Mayank Sharma
published

Researchers suggest use of Nim, Rust, Go and more also prevents proper analysis of attacks

security
(Image credit: Shutterstock)

Malware authors are increasingly using rarely spotted programming languages in order to circumvent detection, according to cybersecurity researchers.

The BlackBerry Research and Intelligence Team substantiate this claim by analyzing the increase in use of four languages, namely Go, Rust, Nim and DLang by threat actors in a detailed report. 

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies. This has multiple benefits from the development cycle and inherent lack of coverage from protective products,” wrote Eric Milam, VP of Threat Research at BlackBerry, introducing the research. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

The researchers argue that they selected these particular four languages for analysis, not just because they are compatible with its detection methodologies, but also for their maturity level. 

On their toes

Using the example of BazarLoader being rewritten in Nim, the researchers argue that when malware is authored in a new language, it has a greater chance of evading signature-based detection, which are tuned to identify its previous iteration. 

The defenders will then have to create new signatures to detect these variants, either manually using human malware researchers or by using artificial intelligence (AI).

No surprise then that the researchers are tracking more loaders and droppers being written in rare languages, since it’s their job to bypass security measures before the real damaging malware can be deployed.

The researchers also believe that using more uncommon programming languages, helps the authors use the language itself as a layer of obfuscation, which not only helps bypass conventional security measures, but also hinder analysis efforts.

“Although wrappers and loaders are more cost-effective, some well-resourced threat actors are beginning to rewrite their existing malware using exotic languages,” note the researchers in their detailed analysis.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.