FortiGuard Labs recently detected a new injector written in Rust—one of the fastest-growing programming languages—to inject shellcode and introduce XWorm into a victim’s environment. While Rust is relatively uncommon in malware development, several campaigns have adopted this language since 2019, including Buer loader, Hive, and RansomExx.
FortiGuard Labs analysis also revealed a significant increase in injector activity during May 2023. The shellcode can be Base64-encoded and further obfuscated with AES or RC4 encryption or LZMA compression to evade antivirus detection. By examining the encoding algorithms and API names, FortiGuard Labs traced this new injector to the Red Team tool “Freeze.rs,” which is designed to create payloads capable of bypassing EDR security controls.
Source: FortiGuard Labs