By Amir from Bek Brace YouTube Channel
In recent years, developers have made it clear that they are eager to learn and master the Rust programming language, and they're not alone.
Cybersecurity researchers have found that ransomware gangs are now rewriting their malicious software in Rust. This shift is catching the attention of the security world, as Rust offers unique advantages in creating more sophisticated and harder-to-detect malware.
Reports from Trend Micro, a prominent cybersecurity firm, reveal that a group known as Agenda recently released a new version of their ransomware written in Rust. This new version has been used to target manufacturing and IT companies. Previously, the ransomware was written in Go [believe it or not!] and was primarily used to attack healthcare and educational organizations.
Several other ransomware groups, including BlackCat, Hive, and RansomExx, have also adopted Rust for their malware development. This switch allows them to customize their code more easily to target machines running either Windows or Linux, making Rust an appealing tool for cybercriminals.
Why Rust Matters
The use of Rust in malware development is concerning because it makes malicious software harder to defend against. According to Trend Micro's researchers, "Attackers seem to be shifting their ransomware to Rust because modern versions of Rust lack some of the detection features found in ransomware written in Golang." Rust's growing popularity among hackers stems from the fact that it is difficult to analyze and has lower detection rates by antivirus software.
Key Advantages of Rust
Rust's characteristics, which appeal to developers, also make it a valuable resource for attackers. Andrew Hay, CEO of LARES Consulting, highlights two main advantages of using Rust: "First, Rust provides low-level access to hardware and memory, allowing the creation of extremely low-level code, which is harder to achieve in other languages. Second, Rust is incredibly fast, offering high performance while ensuring memory safety."
The Need for Skilled Rust Developers
Ironically, Rust's growing popularity comes from the fact that it lets developers write code with fewer security vulnerabilities than other languages, like C++. This is because Rust is inherently safer regarding memory management and concurrent programming.
As criminal organizations start using Rust, security experts warn that companies need skilled developers who are proficient in Rust and understand its security implications. This knowledge will help them protect vulnerable infrastructure and prevent ransomware attacks written in Rust from causing significant damage.
Melissa Bischoping, Director of Endpoint Security Research at Tanium, emphasized the importance of having tech professionals skilled in Rust to reverse-engineer malicious software. She noted, "As attackers and defenders continue to evolve, research and detection capabilities must keep up with the latest changes in malware. Currently, there are fewer tools and experts who are highly skilled in reverse-engineering malware written in Rust, making it an attractive option for attackers, at least for now."
Bud Broomhead, CEO of Viakoo, also pointed out that as Rust becomes more popular among developers and cybercriminals, organizations need tech professionals who understand the language and how it can be used to make applications more secure. It’s also crucial to understand how attackers might use a core set of techniques to create their malicious programs.
In Summary
Rust is becoming an increasingly popular programming language among hackers for creating advanced malware. Its high-level control, safety features, and flexibility make it an ideal tool for developing stealthy and sophisticated malicious software like botnets, cryptojacking attacks, and ransomware. Cybersecurity professionals face challenges in defending against malicious Rust programs, including Rust’s core security features, its compatibility with security tools, and the difficulty in detecting Rust-based attacks. As the popularity of Rust grows, it is likely to become a go-to language for cybersecurity professionals.
With more cybersecurity experts getting familiar with Rust and its features, we can expect to see new tools and techniques developed to detect and mitigate Rust-based threats.
Conclusion
Finally, dear DEV readers, it is essential to keep your devices safe from ransomware and other security vulnerabilities. Avoid downloading unknown files or pirated software, as they carry a high risk of ransomware infection.
I hope this article has sparked your curiosity about Rust and encouraged you to learn and use it in the near future.
Thanks for reading, and I will catch you in the next one!
https://youtube.com/bekbrace
https://instagram.com/bek_brace
https://x.com/BekBrace
Top comments (2)
IIRC, just having an eh_personality symbol was enough to be branded malware by many automated scanners back in the earlier days of the language.
I wasn’t aware of the eh_personality symbol being linked to malware flags in the early days of Rust. That’s really interesting! Could you elaborate on why it triggered those scanners back then? I’d love to learn more about how this symbol works in relation to exception handling and why it caused issues - Cheers, Amir.