And no, we aren’t talking about dancing. We’re talking about coding languages employed to foil analysis.
According to BlackBerry’s Research & Intelligence team, malware developers are using languages like Go (Golang), D (DLang), Nim, and Rust to “try to evade detection by the security community, or address specific pain-points in their development process.”
Among other tactics, cyber bad guys are trying out first-stage droppers and loaders written in these languages to evade detection on a target endpoint. Once they see that this works, the languages are used for coding, loading, and deploying malware.
The BlackBerry team also warned that the use of exotic languages could interfere with reverse engineering, circumvent signature-based detection tools, and enhance cross-compatibility across target systems.
Go seems to be of particular interest to cybercriminals. According to BlackBerry, both state-sponsored and commodity malware developers appear to be taking a serious interest in Go to upgrade their weaponry.
Eric Milam, VP of Threat Research at BlackBerry, commented that “malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies… It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”