14 DAY TRIAL // Experts have found that malware authors are turning more and more to AutoIt, a free BASIC-like scripting language, to develop their creations.
AutoIt is easy to learn, it’s scalable, and it can be used to run applications in stand-alone executable files. This makes it perfect for cybercriminals that don’t want to bother learning more complex programming languages such as Python.
Trend Micro researchers have observed numerous examples of malware and tools developed with AutoIt, including keyloggers and Remote Access Trojan (RAT) builders.
For instance, one author has developed a RAT that allows him to get a remote shell on the targeted system and perform various malicious tasks.
One variant of the notorious DarkComet RAT was also written in AutoIt. This particular malware, which is capable of disabling the Windows Firewall, is detected by only a few antivirus solutions.
Interestingly, the source codes for many of these malicious tools are freely available on websites such as Pastebin or Pastie.
“As scripting languages like AutoIt continue to gain popularity, we expect more of these types of malware to make a migration to using them. The ease of use and learning, as well as the ability to post code easily to popular dropsites make this a great opportunity for actors with nefarious intentions to propagate their tools and malware,” Trend Micro’s Kyle Wilhoit noted.