Software developers and malware authors share a desire to work smart, not hard
In the software development world, engineers frequently use ready-made code for various tasks, whether it involves copying a snippet from Stack Overflow, taking a library from Github, or reusing a company’s own rich, legacy code base. On the darker side of things, malware authors reusing code is a phenomenon that we see time and time again. While it makes a lot of sense to avoid reinventing the wheel, even nation-sponsored hackers search for code on Google. (This is often a surprising fact to many people in the cyber security community.)
In this blog post, we’ll present an intriguing case of code reuse in malware from publicly available code, where possibly North Korean and Iranian APT threat actors both used the same code from an example on CodeProject in crafting their malware.
As previously mentioned, malicious code reuse across different variants of the same threat actor or between different malware types is very common. This is, by the way, the base assumption that our technology is built upon. This fact was evident in both recent sophisticated threats (such as the CCleaner hack and WannaCry) and also in common generic viruses (such as BankBot). In the end, code reuse is very cost effective and can save hackers months or even years of development efforts.
To read the original article :