Hackers Using Obscure Programming Languages to Evade Detection

  • By Dawna M. Roberts
  • Published: Aug 19, 2021
  • Last Updated: Mar 18, 2022

 ZDNet reported this week that malware developers are turning to obscure or “exotic” programming languages to “hamper analysis efforts,” and evade detection.

What is Going On?

Researchers at Blackberry issued a report on Monday claiming that hackers are increasingly resorting to languages like Go (Golang), D (DLang), Nim, and Rust to evade detection and analysis by threat assessors.

ZDNet expands on this “In particular, malware developers are experimenting with loaders and droppers written in these languages, created to be suitable for first and further-stage malware deployment in an attack chain.”

The BlackBerry researchers also mention that these languages are used for droppers and loaders to avoid detection on the initial device. Then once the malware has avoided detection, it is deployed to load other types of malware, including Trojans.

According to the report, some examples are “Remote Access Trojans (RATs) Remcos and NanoCore. In addition, Cobalt Strike beacons are often deployed.”

Other gangs with sophisticated programming skills are completely rewriting their malware in these unusual languages, such as Buer, which was revised to become RustyBuer.

One of the most commonly used languages now is Go. ZDNet explains, “both advanced persistent threat (APT) state-sponsored groups and commodity malware developers are taking a serious interest in the programming language to upgrade their arsenals. In June, CrowdStrike said a new ransomware variant borrowed features from HelloKitty/DeathRansom and FiveHands but used a Go packer to encrypt its main payload.” Along with Go, DLang is also becoming very prominent in cybercriminal circles.

“By using new or more unusual programming languages, the researchers say they may hamper reverse-engineering efforts and avoid signature-based detection tools, as well as improve cross-compatibility over target systems. The codebase itself may also add a layer of concealment without any further effort from the malware developer simply because of the language in which it is written,” ZDNet commented.

VP of BlackBerry’s Threat Research, Eric Milam, says, “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies. This has multiple benefits from the development cycle and inherent lack of coverage from protective solutions. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”

New Malware coding language

Ransomware an Ongoing Ever-Changing Threat

Ransomware has become such an enormous threat to individuals and businesses that governments are finally taking notice and enacting strict regulations against cybercriminals that include harsh punishments. Some administrations, like the U.S., are even considering penalizing the victim if they pay any ransom to the threat actors.

As these threats come and go, they continue to evolve, increasing the danger and making it much harder for threat researchers to identify, mitigate, and prevent attacks. So, where does that leave us now?

According to a Sophos Report for 2021, some key findings include:

  • 37% of respondents’ organizations were hit by ransomware in the last year. 
  • 54% that were hit by ransomware in the last year said the cybercriminals succeeded in encrypting their data in the most significant attack. 
  • 96% of those whose data was encrypted got their data back in the most significant ransomware attack. 
  • The average ransom paid by mid-sized organizations was US$170,404
  • However, on average, only 65% of the encrypted data was restored after the ransom was paid. 
  • The average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc., was US$1.85 million
  • Extortion-style attacks where data was not encrypted, but the victim was still held to ransom have more than doubled since last year, up from 3% to 7%
  • Having trained IT staff who are able to stop attacks is the most common reason some organizations are confident they will not be hit by ransomware in the future.”
 
About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years.

Is Upwork Legit and How To Protect Yourself?

Is Upwork Legit and How To Protect Yourself?

Doing business online has become simpler with the development of the Internet and mobile technologies. In general, both freelancers and clients benefit from the freelancing platforms.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close