• Actual
    1 year ago

    China-based Sandman which was recently observed using Lua-based malware, believed to be part of a wider shift toward Lua development from Chinese attackers.

    Wait, Lua? Why Lua?

    • Lmaydev
      1 year ago

      Easily embeddable and can be modified very easily would be my guess.

  • AutoTL;DR@lemmings.worldB
    1 year ago

    This is the best summary I could come up with:


    At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, Cisco Talos revealed today.

    Through unpicking the remote access trojan (RAT), researchers at Cisco Talos discovered that it was first built around May 2022 but was only used in attacks starting in March 2023 through to October.

    Finally, DLRAT acts as a downloader for additional malware payloads, gathers session information before returning it to the attackers, and also has RAT capabilities.

    AlphV/BlackCat was the first ransomware group to make such a shift last year, re-writing its payload in Rust to offer its affiliates a more reliable tool.

    Other groups to snub Rust include China-based Sandman which was recently observed using Lua-based malware, believed to be part of a wider shift toward Lua development from Chinese attackers.

    It’s frequently mentioned in the same breath as the likes of Go, Ruby, Swift, and others for their memory safety, but developers often report enjoying the experience of writing in Rust more than other languages.


    The original article contains 705 words, the summary contains 174 words. Saved 75%. I’m a bot and I’m open source!