Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware

Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same type of language that cyber criminals are switching to. At …

  1. Paul Crawford Silver badge

    Are they really using it for memory-safety, or is it due to a greater difficulty in reverse-engineering captured malware in those languages?

    1. fg_swe Bronze badge

      Maybe

      ...they fear to be counter-hacked and want to eliminate their share of the 70% of exploits which come from the lack of memory safety of C and C++.

  2. HuBo
    Angel

    Lazy Meta-Curry

    Wow! DLang sounds almost like a faster, compiled, LISP, the language that "freed ITS's hackers to think in unusual and creative ways" back in 1969. I'd congratulate the Norks' Lazarus Blacksmiths on this choice of PL but they're the bad guys so let's hope they either become more friendly through its use (via the mind-expanding side-effects of dynamic programming languages), or just plain choke on it (in the nicest possible way).

    1. Blazde Silver badge
      Boffin

      Re: Lazy Meta-Curry

      Those side-effects are the worst part of malware. If only the bad guys would stick to purely functional code the world would be a better place

    2. fg_swe Bronze badge

      Re: Lazy Meta-Curry

      Why LISP? I always thought it being a C++ competitor, which means it is an imperative language. LISP and derivatives are functional.

      1. EmilPer.

        Re: Lazy Meta-Curry

        DLang is easier to write code in than JavaScript and almost as easy as Perl (does not have symbol tree manipulation, which might be a good thing).

        Also it has good support for functional programming, including immutability, if you choose to use it.

        1. HuBo
          Boffin

          Re: Lazy Meta-Curry

          ... and lazy evaluation (eg. streams), and metaprogramming, and currying (hence Lazy Meta-Curry), and closures, and dynamic type dispatch, and garbage collection, ...

  3. karlkarl Silver badge

    DLang is more important in this area in that it can directly consume C APIs (which is fairly important for malware accessing various operating system subsystems, almost exclusively exposed as C APIs).

    Rust via bindgen to generate a fairly rough 80% of bindings and then fetching the rest of the bloat from NPM-style crates.io is less than ideal for anyone's software development pipeline, including malware authors.

    C and C++ are still the malware language of choice though. It mirrors much of the industry at a systems-level to be fair.

  4. Bebu Silver badge
    Windows

    Not sure Walter Bright wanted this compliment.

    D has been around a fair while and too bad a language. I guess it was Rust before Rust's time (or Golang's.)

    Snobol4 or Icon next on these malefactors' list?

    Apparently malware detection in part depends on the code generation patterns, which vary sufficiently with the front end languages to elude detection.

  5. LorenDB

    It's D, not DLang

    Generally speaking, the name DLang is only used as the domain name (dlang.org) and if you are searching for the language (since SEO doesn't understand "D" for some reason).
