For defenders to maintain a competitive advantage over attackers, it’s important to recognize emerging trends by threat actors. One such trend BlackBerry has observed in 2021 is the practice by malware authors of leveraging new and uncommon programming languages to evade detection and hinder analysis.
Malware authors have a reputation for being slow to change what works for them. But with millions of dollars in corporate ransoms now up for grabs, this is no longer the case. Some malware groups have taken the opportunity to branch out and try new or “exotic” programming languages to address specific pain-points in their development process, or to try to evade detection by defenders.
A new BlackBerry white paper, Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages, explores this trend and reveals the motivations and impact it may have on the threat landscape.
“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” says Eric Milam, VP of Threat Research at BlackBerry. “This has multiple benefits from the development cycle and inherent lack of coverage from protective products. This paper looks into less prolific programming languages and their use in the malware space. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”
Read BlackBerry’s Deep Dive Into Go, D, Nim, and Rust
The BlackBerry Research & Intelligence Team chose four uncommon programming languages of interest to examine: Go, D, Nim, and Rust.
This choice was due in part to BlackBerry’s detection methodology, which identified an increase in the use of these languages for malicious intent, and exposed an escalation in the number of malware families being identified and published using these languages. These four languages have also piqued our interest because they could be considered well developed and supported, with strong community backing.
While the trend of using exotic programming languages by threat actors is not new, BlackBerry aims to shed light on the state of the current threat landscape regarding these new and emerging languages. In this white paper, BlackBerry’s research team covers the reasons behind exotic language adoption, and provides valuable tips for detecting and preventing malware that takes advantage of these challenging new methods.