Daily News Update: Sunday, March 30, 2025 (Australia/Melbourne)
Malware authors increasingly use niche languages like Rust, Nim, and even Phix to bypass traditional security tools and complicate static analysis. The DOJ seized $8.2M in USDT from romance scams, revealing sophisticated manipulation tactics and links to human trafficking in Cambodia and Myanmar.


Evading Malware Analysis with Obscure Programming Languages

Malware developers are increasingly using less common programming languages to make their code harder to detect and analyse. This approach exploits the fact that security tools and analysts are less familiar with these languages, reducing the effectiveness of static analysis and signature-based detection.
Researchers noted that while C and C++ remain the most prevalent languages for malware, threat actors, including groups like APT29, are diversifying their language choices. For example, APT29 has used Python in their Masepie malware, and the Akira ransomware shifted from C++ to Rust. The researchers highlight that:
"For years, ransomware groups have been switching to newer, unconventional languages to make reverse engineering and detection more difficult... Moreover, various threat actors have used this approach, employing a wide range of programming languages and techniques to obfuscate their malicious code."
The study of nearly 400,000 Windows executables from Malware Bazaar revealed that the choice of programming language and compiler significantly impacts malware detection rates. Less common languages like Rust and Nim, and compilers like Pelles C and Embarcadero Delphi, often result in lower detection rates. This is because automated detection mechanisms based on signatures of identified malware won't work when the malware has been rewritten in a different language.
The researchers also assessed how well binaries resisted shellcode pattern matching, finding that languages like Rust, Phix, Lisp, and Haskell distribute shellcode bytes irregularly, complicating static detection. They concluded that:
"Malware is predominantly written in C/C++ and is compiled with Microsoft's compiler... However ... our work practically shows that by shifting the codebase to another, less used programming language or compiler, malware authors can significantly decrease the detection rate of their binaries but simultaneously increase the reverse engineering effort of the malware analysts."
The findings suggest that the security community needs to pay more attention to code written in less popular programming languages and develop more relevant detection tools.
Phix, Lisp, and Haskell are much rarer though, with no well-known uses of them in the malware or ransomware ecosystem.
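The report's practical takeaway is that a signature miss on a sample built with an uncommon toolchain should not end the analysis, and that triage should recognise which language or compiler produced a binary so it can be routed to someone who knows that ecosystem. The script below is an added example written for this summary, not code from The Register's article or from the underlying research. It extracts printable strings from a sample the way the `strings` utility does, matches them against leftover compiler and runtime markers, and flags anything that does not look like the mainstream MSVC toolchain for manual review. The marker strings, toolchain names, function names and the byte strings standing in for executables are all constructed assumptions for illustration, not a vetted fingerprint database.

```python
"""Toolchain fingerprinting for malware triage (illustrative example).

Compilers and language runtimes leave characteristic strings in the binaries
they produce. When a sample misses every signature, knowing that it was built
with Rust, Nim, Go or Delphi rather than MSVC tells the triage queue to send
it to an analyst familiar with that ecosystem instead of discarding it.
"""
import re
from typing import Dict, List

# Same default as the `strings` utility: runs of at least 4 printable ASCII bytes.
MIN_STRING_LEN = 4

# ASSUMPTION: illustrative marker substrings per toolchain. A production list
# needs vetting against real corpora and should combine other signals (imports,
# section names, linker/rich header) rather than rely on strings alone.
TOOLCHAIN_MARKERS: Dict[str, List[bytes]] = {
    # Rust: panic machinery and stdlib source paths survive in release builds
    "rust": [b"/rustc/", b"library/std/src/", b"core::panicking", b"called `Option::unwrap()`"],
    # Nim: generated C keeps the Nim runtime's symbol prefixes
    "nim": [b"NimMain", b"nimGC", b".nim"],
    # Go: build id and runtime symbols
    "go": [b"Go build ID:", b"runtime.gopanic", b"go.buildid"],
    # Delphi: VCL class names and vendor strings
    "delphi": [b"Embarcadero", b"Borland", b"TApplication"],
    # MSVC/C++: the mainstream, best-covered toolchain
    "msvc": [b"Microsoft (R)", b"VCRUNTIME140", b"api-ms-win-crt-"],
}
COMMON_TOOLCHAINS = {"msvc"}


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> List[bytes]:
    """Return every run of at least min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return pattern.findall(data)


def fingerprint_toolchain(data: bytes) -> Dict[str, List[bytes]]:
    """Map each toolchain with at least one marker hit to the markers found."""
    strings = extract_strings(data)
    hits: Dict[str, List[bytes]] = {}
    for name, markers in TOOLCHAIN_MARKERS.items():
        found = [m for m in markers if any(m in s for s in strings)]
        if found:
            hits[name] = found
    return hits


def triage(data: bytes) -> Dict[str, object]:
    """Pick the toolchain with the most distinct marker hits and decide on escalation.

    No hits at all is treated as suspicious too: either the strings were
    stripped or packed away, or the language is one this table does not know.
    Ties between toolchains are broken by the order of TOOLCHAIN_MARKERS.
    """
    hits = fingerprint_toolchain(data)
    if not hits:
        return {"toolchain": "unknown", "confidence": 0, "escalate": True, "evidence": []}
    best = max(hits, key=lambda name: len(hits[name]))
    return {
        "toolchain": best,
        "confidence": len(hits[best]),
        "escalate": best not in COMMON_TOOLCHAINS,
        "evidence": hits[best],
    }


# Constructed stand-ins for PE files: a stub header plus the kind of strings
# each toolchain leaves behind. These are not real samples.
_STUB_HEADER = b"MZ\x90\x00" + b"\x00" * 16
# A Rust build for the MSVC target also references the Microsoft CRT, so a
# single CRT import must not be mistaken for a C++ program; marker counts decide.
SAMPLE_RUST = _STUB_HEADER + (
    b"/rustc/abc123/library/std/src/panicking.rs\x00core::panicking::panic\x00VCRUNTIME140.dll\x00"
)
SAMPLE_MSVC = _STUB_HEADER + (
    b"Microsoft (R) C/C++ Optimizing Compiler\x00VCRUNTIME140.dll\x00api-ms-win-crt-runtime-l1-1-0.dll\x00"
)
# Packed or stripped: no printable run reaches MIN_STRING_LEN at all.
SAMPLE_PACKED = b"MZ\x90\x00" + b"\x00\x01\x02\x03\xff\xfe" * 10

if __name__ == "__main__":
    for label, blob in (("rust", SAMPLE_RUST), ("msvc", SAMPLE_MSVC), ("packed", SAMPLE_PACKED)):
        print(label, triage(blob))
```

The escalation rule is deliberately conservative: a sample with no recognisable toolchain strings is escalated just like one from an uncommon toolchain, because both are exactly the cases where signature-only pipelines are weakest.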
The Register | "Malware in Lisp? Now you're just being cruel"
$8.2 Million Seized in Crypto Romance Baiting Scam

The U.S. Department of Justice (DOJ) has seized over $8.2 million in USDT (Tether) cryptocurrency stolen through "romance baiting" scams. These scams, previously known as "pig butchering," involve manipulating victims into investing in fraudulent websites or apps promising high returns.
Victims are initially convinced they are making profits and invest increasing amounts. However, when they try to withdraw their funds, they encounter obstacles, eventually realizing they have been scammed. Blockchain intelligence platform TRM Labs reported that the FBI uncovered laundering patterns linked to these scams, leading to the asset seizure.
The complaint names five victims from Ohio, Michigan, California, Utah, and North Carolina, who collectively lost over $1.6 million. A total of 38 victimized cryptocurrency accounts with losses exceeding $5.2 million were confirmed. The threat group behind the scam is believed to be tied to human trafficking syndicates in Cambodia and Myanmar.
The scam tactics include allowing small initial withdrawals to build trust, claiming "taxation" and "credit score" fees to extract more money, and resorting to threats and intimidation when victims run out of funds. One victim from Ohio lost approximately $663,352 and was threatened when she couldn't pay an additional $300,000.
The seized funds will be used for restitution to the victims. The FBI is working to locate additional victims by tracing the seized wallets. This case highlights the devastating impact of romance baiting scams and the importance of verifying the legitimacy of investment platforms.
Bleeping Computer | "U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams"