Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT, a tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly become a tool for creating malware, especially among financially motivated groups and nation-state entities. This shift has introduced new challenges for malware analysts as the unique characteristics of Rust binaries make static analysis more complex.
One of the primary challenges in reverse engineering malware developed with Rust lies in its layers of abstraction added through features such as memory safety and concurrency handling, making it more challenging to identify the behavior and intent of the malware. Compared to traditional languages, Rust binaries are often larger and more complex due to the incorporation of extensive library code. Consequently, reverse engineers must undertake the demanding task of distinguishing attacker-written code from standard library code, necessitating advanced expertise and specialized tools.
To address these pressing challenges, Microsoft Threat Intelligence Center has developed RIFT. RIFT underscores the growing need for specialized tools as cyber threat actors continue to leverage Rust’s features to evade detection and complicate analysis. The adoption of Rust by threat actors is a stark reminder of the ever-changing tactics employed in the cyber domain, and the increasing sophistication required to combat these threats effectively. In this blog post, we explore how threat actors are increasingly adopting Rust for malware development due to its versatility and how RIFT can be used to combat this threat by enhancing the efficiency and accuracy of Rust-based malware analysis.
FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Learn more about this malware targeting these devices.
During a recent ransomware incident investigated by the Quorum Cyber Incident Response team, novel malware was identified previously unknown.
Bitdefender researchers have discovered a new backdoor targeting Mac OS users.
Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.
New version of Exmatter, and Eamfo malware, used by attackers deploying the Rust-based ransomware.
This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.
Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.
