Malware such as ElectroRAT, EKANS, Zebrocy, and DShell have been written using languages such as Go, Dlang and Nim
Cybercriminals are turning to uncommon programming languages to develop malware that can be more difficult for security experts to deal with.
Threat actors are adopting languages such as Go, Rust, Nim, and Dlang, according to a report by BlackBerry. This is not only because there are fewer developers specializing in them, but also because newer languages come with their own security considerations, which make the malware harder to crack.
“New languages often come with a higher degree of security consideration, offering features such as memory-safe programming by design. This can protect the developer from introducing easily overlooked security holes that can result in memory-related bugs and vulnerabilities,” the report said.
New languages build on deficits in existing programming languages, and cybercriminals may be choosing them to suit “newer environments”, the report said. Use of new languages demonstrates that a company is on the “technological cutting edge” and such organizations may make for more enticing targets for cybercriminals.
“Much like in the business world, developers with experience in these languages are hard to come by and can get a higher salary. This increases the overhead for such a project,” the report said.
Historically, a large amount of malware has been created in these languages, according to Rahul Tyagi, co-founder of Safe Security, a homegrown security firm. These languages produce signatures that are “more complicated, confusing, and difficult to interpret than standard programming languages”.
“Such languages may impede reverse-engineering attempts, evade signature-based detection techniques, and enhance cross-compatibility between target platforms making it more difficult to track,” he said.
Malware such as ElectroRAT, EKANS, Zebrocy, DShell, Vovalex, Outcrypt, and Nimzaloader have been written using languages such as Go, Dlang and Nim, Tyagi said.
In January, security firm Intezer Labs found that a group of hackers had been running a year-long programme to infect users’ devices with ElectroRAT through fake cryptocurrency apps.
“Its primary goal was to target and pilfer the victims’ cryptocurrency wallet. However, like any good RAT, it also was capable of additional functionality such as screenshotting, keylogging, uploading and downloading files, as well as executing commands from the victims’ console,” the BlackBerry report said. RAT stands for remote access trojan, which is a form of malware that allows administrative access to a machine.
On the other hand, ransomware such as Outcrypt and Vovalex have been written using the Dlang programming language.