The rising sophistication observed in recent cyberattacks confirms that cybercriminals are constantly enhancing their computer skills and hacking techniques. According to research from BlackBerry, several malware authors are leveraging exotic programming languages to advance their hacking skills and evade security detections. The research “Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages” revealed that threat actors are reportedly using Nim, Go, Rust, and DLang to create new malicious codes and malware variants.
“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies. This has multiple benefits from the development cycle and an inherent lack of coverage from protective products. This paper looks into less prolific programming languages and their use in the malware space. Industry and customers must understand and keep tab on these trends, as they are only going to increase,” said Eric Milam, VP of threat research at BlackBerry.
Why Attackers Using New Programming Languages
Cybercriminals are known for their opportunistic behavior and financial motives, and often misuse vulnerable systems with their changing malware campaigns. With rising ransom and double-extortion schemes, several malware groups are applying new or rarely known programming languages to fix loopholes in their existing language for efficient memory management and to attack effectively. Malware authors are also rewriting their codes, which were originally written in traditional languages like C and C++, by using unknown programming languages.
The researchers stated that Nim, Go, Rust, and DLang have a variety of qualities that attract malware authors. These include:
- Easy learning curve
- Can be cross-compiled to target different operating systems and architectures
- Suitable for the building of lightweight and/or stand-alone utilities
- Include multiple paradigm support, such as object-orientated, structured, and functional
- Draws inspiration from C and C++ languages.
- Suitable for the development of a wide range of project and application types
Challenge for Defenders
As malicious actors seek new approaches to hide their activities, security experts and organizations should also adopt security advancements to defend against evolving malware attacks. Organizations should ensure that their security analysts become familiar with newer programming languages to predict hacker moves and potential threats.
“These languages can come with several improvements once they’re adopted into the software development lifecycle of a threat actor. Although this trend might sound bad for researchers, the inverse is also true. By using these languages for enhanced detection evasion, or for quality-of-life improvements, they also inadvertently aid us in our hunt for malicious samples. Due to the relatively low number of compiled binaries in these languages, it is arguably easier to identify malicious samples,” the research report stated.
