English

Coding Malware in Fancy Programming Languages for Fun and Profit

Cryptography and Security 2025-03-26 v1

Abstract

The continuous increase in malware samples, both in sophistication and number, presents many challenges for organizations and analysts, who must cope with thousands of new heterogeneous samples daily. This requires robust methods to quickly determine whether a file is malicious. Due to its speed and efficiency, static analysis is the first line of defense. In this work, we illustrate how the practical state-of-the-art methods used by antivirus solutions may fail to detect evident malware traces. The reason is that they highly depend on very strict signatures where minor deviations prevent them from detecting shellcodes that otherwise would immediately be flagged as malicious. Thus, our findings illustrate that malware authors may drastically decrease the detections by converting the code base to less-used programming languages. To this end, we study the features that such programming languages introduce in executables and the practical issues that arise for practitioners to detect malicious activity.

Keywords

Cite

@article{arxiv.2503.19058,
  title  = {Coding Malware in Fancy Programming Languages for Fun and Profit},
  author = {Theodoros Apostolopoulos and Vasilios Koutsokostas and Nikolaos Totosis and Constantinos Patsakis and Georgios Smaragdakis},
  journal= {arXiv preprint arXiv:2503.19058},
  year   = {2025}
}

Comments

To appear in CODASPY 2025

R2 v1 2026-06-28T22:32:56.223Z