Cybercriminals are now leaning toward the use of new and exotic programming languages for carrying out cyber attacks. A recently published report suggests that the use of a few specific languages is becoming a trend to develop new malware.
Threat actors such as APT28 and APT29 have adopted these languages to rewrite known malware or create new tools and malware.
These programming languages enable attackers to avoid detection on the endpoint.
Some of the well-known malware written in these languages have been identified as WellMess, Zebrocy, Nim, and Go downloader variants.
These new first-stage pieces of malware are developed to decode, load, and deploy commodity malware, such as Remcos or NanoCore RATs, and Cobalt Strike.
Advantages of using new languages
Actors would try everything that works in their favor.
Malware authors are probably taking the advantage of the simpler coding infrastructure that these relatively new languages have to offer.
Furthermore, malware developed with new languages has a better chance of staying undetected due to a lack of solutions needed to detect such threats.
To stay ahead in the cat-and-mouse game, malware authors are catching up on this trend of using uncommon languages. To identify and prevent such threats, the security firm suggested software engineers and threat researchers employ implementation-agnostic detection rules. Moreover, they can use dynamic or behavioral signatures that tag behavior using sandbox output, endpoint detection and response, or log data to find any malicious behavior.