Trojans – Devstyler.io

The Programming Language That Both Hackers and Coders Like
https://devstyler.io/blog/2021/08/05/the-programming-language-that-both-hackers-and-coders-like/
Thu, 05 Aug 2021 13:19:51 +0000

Rust is the most loved programming language amongst developers today, while COBOL (Common Business Oriented Language) is the most dreaded, said a new survey by Q&A website Stack Overflow.

According to the survey, Clojure, TypeScript, Elixir and Julia took the next four spots, respectively, in the top five most loved programming languages amongst developers. Despite how popular Apple’s devices are, the company’s Swift programming language was the eighth most popular language amongst developers.

Rust, though, is not only a favourite amongst developers. A July 2021 whitepaper from BlackBerry noted that cybercriminals and malware makers are also adopting the language to build trojans that can be used for infiltrating devices. “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” said Eric Milam, vice president of Threat Research at BlackBerry. He added:

“This has multiple benefits from the development cycle and inherent lack of coverage from protective products. This paper looks into less prolific programming languages and their use in the malware space. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”

Further, despite efforts by companies like Google and Apple to put an end to JavaScript, the language remains the most common amongst scripting languages. These are often used to track users’ activity online and to make web pages interactive. HTML/CSS and Python were also preferred by developers.

Amongst frameworks and libraries – code written by others that can be used to solve common problems – Google’s TensorFlow was amongst the top five while Microsoft’s .NET was the most loved framework. The company’s Windows was also a favourite operating system amongst developers, while Linux-based operating systems came in second. Apple’s MacOS was the third most preferred operating system for developers.

Malware Developers turn to ‘Exotic’ Programming Languages to Thwart Researchers
https://devstyler.io/blog/2021/07/27/malware-developers-turn-to-exotic-programming-languages-to-thwart-researchers/
Tue, 27 Jul 2021 12:08:12 +0000

Malware developers are increasingly turning to unusual or “exotic” programming languages to hamper analysis efforts.

According to a new report published by BlackBerry’s Research & Intelligence team on Monday, there has been a recent “escalation” in the use of Go (Golang), D (DLang), Nim, and Rust, which are being used more commonly to “try to evade detection by the security community, or address specific pain-points in their development process.”

In particular, malware developers are experimenting with loaders and droppers written in these languages, created to be suitable for first and further-stage malware deployment in an attack chain.

BlackBerry’s team says that first-stage droppers and loaders are becoming more common as a way to avoid detection on a target endpoint. Once they have circumvented existing security controls that are able to detect more typical forms of malicious code, they are used to decode, load, and deploy malware, including Trojans.

Commodity malware cited in the report includes the Remote Access Trojans (RATs) Remcos and NanoCore. In addition, Cobalt Strike beacons are often deployed.

Some developers with more resources at their disposal, however, are fully rewriting their malware in new languages; one example is Buer, rewritten as RustyBuer. Based on current trends, cybersecurity researchers say that Go is of particular interest to the cybercriminal community.

According to BlackBerry, both advanced persistent threat (APT) state-sponsored groups and commodity malware developers are taking a serious interest in the programming language to upgrade their arsenals. In June, CrowdStrike said a new ransomware variant borrowed features from HelloKitty/DeathRansom and FiveHands but used a Go packer to encrypt its main payload. The team says:

“This assumption is based upon the fact that new Go-based samples are now appearing on a semi-regular basis, including malware of all types, and targeting all major operating systems across multiple campaigns.”

While not as popular as Go, DLang, too, has experienced a slow uptick in adoption throughout 2021.

By using new or more unusual programming languages, the researchers say, malware developers may hamper reverse-engineering efforts and avoid signature-based detection tools, as well as improve cross-compatibility over target systems. The codebase itself may also add a layer of concealment without any further effort from the malware developer, simply because of the language in which it is written.

The everyday threat of the Internet
https://devstyler.io/blog/2019/10/02/the-everyday-threat-of-the-internet/
Wed, 02 Oct 2019 11:52:31 +0000

Lukas Stefanko is a Malware Researcher at the Slovakia-based company ESET. He’s been occupied in the field of Internet security for nine years, and in the last seven he’s been focusing strictly on the Android OS.

“Identity theft, stolen personal data and blackmailing, being spied on and sexually harassed, spreading malware or requesting money from people in your contact list”. 

These are NOT Mr. Stefanko’s charges in court. These are warnings. Are we sure of the purity of our mobile devices, and can we recall everything that we’ve installed or every photo we’ve sent and received?

What’s the difference between Android and iOS malware defenses? Is one safer than the other?

Definitely iOS is a closed system and more difficult for bad guys to deliver their malware than on Android. Because of that, malware on iOS is rare compared to Android. It doesn’t necessarily mean security of Android OS is worse, but it is more attractive to hackers due to its approximately 80% market share on mobile devices and option to spread malware via fake websites or emails.

Will I be correct if I say that Trojans are the most widespread threat on the web? And if so, are there other, more dangerous threats?

Trojans are the most dangerous – because of their malicious functionality, however the most widespread is Adware. Adware is an unwanted type of application whose purpose is to display ads without any user interaction to generate revenue. If I compare it to Trojans, victims have to perform an action such as filling in credentials, allowing intrusive permissions or activating Accessibility services and then they can generate money.

And when our phones are infected with a virus, what are the most likely problems that appear? Performance issues? Data loss? Data-stealing?

Actually, all of them, and sometimes even all of these at once. For me, and I believe for many other mobile users the worst case scenario is a financial loss caused by malware either by sending premium SMS, making calls or gaining access to the victim’s banking account. Another unwanted case is data stored in mobile phone such as your documents from work, photos, contacts, email backups, sent text messages, sometimes even pictures of ID, driving license and all these files can be either stolen or deleted. Most times after such actions there are requests to pay ransom for obtaining these files back from hackers.

Most of these Trojans are always running in the background and can be responsible for lower battery life or performance issues. One example is malware that mines cryptocurrency on infected devices 24/7.

Most of the threats/viruses are hidden behind licensed apps that customers download on an everyday basis… What is the agenda for the person who is putting them there? Is there money involved? Is a program doing that, or a group of people? Can you explain to us how it actually works?

The main goal of such malicious apps is financial gain and stealing data or in some cases spying on individuals. Most of the bad guys are interested in getting money from the potential victim. It means that this malware either impersonates fake Banking applications that steal login credentials or legitimate looking apps with useful functionality that after some time reveal malicious functionality.

These apps wait for the victim to launch their banking app and then they would display an activity that overlays the legitimate banking app activity to request the user to log in. These credentials are then sent to the malware operator. They can also bypass SMS One Time Passwords or two factor authentication.

Actually, how can we protect our devices? What’s the best way to keep them safe? Are the many anti-malware, antivirus programs any good?

To stay protected, users shouldn’t install apps from unknown sources, only from Google Play. Still, before installing apps even from Play Store users should verify if the apps are safe to use for example by going through comments of other users, checking the app permissions or visiting the service website to see if they really have an Android app. Many times, users are in a rush and don’t have time to do all these checks, so then they should use some trustworthy antivirus to keep them safe while on the internet.

What does an average day look like and what difficulties do you encounter in your job as a Malware researcher? Are you trying to find new threats and malware?

The worst thing is the number of new Android threats being created and even available for free on the internet and accessible to anyone. There are dozens of new threats every day, but I am trying to focus on the most sophisticated to identify their new capabilities and what technique they use to spread.

What kind of software are you using in your work? Or any kind of programming languages, and how does it help you?

Most of the software I use is internal, to track malware, but for analysis of malware I use an APK decompiler and a disassembler for shared libraries every day. For programming languages it’s probably Python; it helps a lot.

What are your most hated adware and ransomware viruses? What harm are they doing?

I personally hate all adware. It displays full screen ads at the worst time, many times I have to watch it for 20s before I can close it. The worst thing is that without an antivirus it is hard to identify which app is responsible for these ads.

My most hated ransomware viruses are the ones that actually encrypt all the files and also set a PIN for the device. Getting rid of such threats is extremely difficult without data loss.

On a global level, what is the worst that can happen if we don’t protect our devices?

Identity theft, financial loss, losing access to social media, stolen personal data and possible blackmailing, being spied on and/or sexually harassed, spreading malware or requesting money from people in your contact list etc.

The interview was conducted by Plamen Mihaylov
