Researchers from BlackBerry Research & Intelligence department published a report saying that nowadays malware developers began to use exotic programming languages more often in order to make subsequent analysis and detection of malware more difficult.
Among the exotic programming languages for writing malware are Go (Golang), D (DLang), Nim and Rust. As a rule, these languages are used to create malicious software aimed at large organizations and which exploits weaknesses in the protection of the corporate infrastructure. We are talking about malware that implements multi-stage, carefully planned and organized cyber-attacks.
Once on the victim’s computer, these software modules bypass traditional defenses to later download, decode and launch remote access Trojans, most often Remcos and NanoCore, as well as Cobalt Strike beacons.
In some cases, when the cybercriminals have sufficient resources, non-standard languages for these purposes are used not only for the modules performing the initial attack, but also for the whole malware package. The Go language is of particular interest to attackers. It is used by hackers on an almost regular basis for all major platforms.
According to the authors of the study, new or unusual programming languages make it difficult to decompile malware, circumvent defenses that use signature-based detection tools with relative ease, and simplify cross-platform compatibility of attacks. The code base of such malware itself is an additional level of disguise. Their developers, in fact, do not have to make any extra effort; the effectiveness of the attack is increased simply by the fact that one of these programming languages is used.
