Why is malware not commonly written in Haskell?


I recently started learning Haskell, and have been reading about many of the advantages it is supposed to offer over traditional imperative programming. I came across this post about reverse-engineering compiled Haskell code, and it made me wonder about malware written in Haskell.

  • Are there known instances of malware written in Haskell? (Quick Googling did not turn up any results for me.)
  • Does the complex nature of compiled Haskell programs make it an attractive choice as a malware development language?

My assumption is that the barriers of entry to learning Haskell are too high for rudimentary malware, and that those with the time/ability to learn it are writing more complex malware that requires the low-level features of a language like C. Is this known to be the case?


Method 1

[Disclaimer: not my area of expertise]

Yeah, I would assume that Haskell is too high-level.

Things malware wants to do, in order of priority: accomplish your task, fool anti-virus scanners on the target, resist reverse engineering and analysis in a lab.

The complex nature of compiled Haskell probably helps with the third, but probably makes the first two harder. For example, the following are common malware tasks that are probably difficult to accomplish in Haskell:

  • insert itself into another application or document such that it is still executable (virus behaviour)
  • obfuscate / encrypt its own string constants to avoid easy scanning of the binary
  • re-write its own code dynamically to change its fingerprint and fool anti-viruses
  • other evasion techniques
  • use and manipulate dlls it finds on the target machine
  • read / modify memory belonging to other processes
  • read / modify system data such as the master boot record

If you’re at the level of sophistication where you’re worried about reverse-engineering, I can’t imagine that any compiled language is very attractive – you probably spend at least half your time working directly with assembly.
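The answer above says that the complexity of compiled Haskell mainly helps a sample resist analysis. From the analyst's side, the first triage step is simply recognising that an unknown binary was produced by GHC at all, because GHC leaves characteristic runtime symbols and "z-encoded" Haskell names in the file. The script below is an added example for this thread, not code from the original post or from any project mentioned in it. The indicator strings (`stg_`, `hs_init`, the z-encoded package prefix `ghczmprim`, the module prefix `GHCzi`), the z-encoding table and the two sample byte strings are assumptions of this example taken from GHC's public naming scheme, not from the page; the samples are constructed, not real binaries.

```python
"""Triage helper: spot GHC (Haskell) build artefacts in an unknown binary.

Added example for this thread, not code from the original post. The
indicator strings and the z-encoding table are assumptions based on GHC's
published symbol naming scheme; the two SAMPLE_* blobs are constructed.
"""
import re
from typing import Dict, List

# Two-character z-encoding escapes GHC uses in symbol names (assumed table).
_Z_ESCAPES: Dict[str, str] = {
    "zz": "z", "ZZ": "Z",
    "ZL": "(", "ZR": ")", "ZM": "[", "ZN": "]", "ZC": ":",
    "za": "&", "zb": "|", "zc": "^", "zd": "$", "ze": "=", "zg": ">",
    "zh": "#", "zi": ".", "zl": "<", "zm": "-", "zn": "!", "zp": "+",
    "zq": "'", "zr": "\\", "zs": "/", "zt": "*", "zu": "_", "zv": "%",
}
_TUPLE = re.compile(r"Z(\d+)T")            # Z3T -> (,,)

# Byte strings whose presence suggests the GHC runtime was linked in (assumed).
_INDICATORS = (
    b"stg_",       # STG-machine entry points in the runtime
    b"hs_init",    # FFI runtime initialisation hook
    b"ghczmprim",  # z-encoded package name "ghc-prim"
    b"GHCzi",      # z-encoded module prefix "GHC."
)
_SYMBOL_RE = re.compile(rb"[A-Za-z_][A-Za-z0-9_]{7,}")
# package_Module.Sub... shape of a GHC-generated closure/info symbol
_GHC_SYMBOL = re.compile(r"^[a-z][A-Za-z0-9]*_[A-Z][A-Za-z0-9]*zi[A-Z]")


def z_decode(sym: str) -> str:
    """Undo GHC z-encoding: 'GHCziBase' -> 'GHC.Base', 'zeze' -> '=='."""
    out: List[str] = []
    i, n = 0, len(sym)
    while i < n:
        ch = sym[i]
        if ch in "zZ" and i + 1 < n:
            nxt = sym[i + 1]
            # Hex escape: 'z' + hex digits (always starting with a digit) + 'U'
            if ch == "z" and nxt.isdigit():
                end = sym.find("U", i + 1)
                if end != -1:
                    try:
                        out.append(chr(int(sym[i + 1:end], 16)))
                        i = end + 1
                        continue
                    except ValueError:
                        pass
            # Tuple constructor: Z0T is (), ZnT is (,...,) with n-1 commas
            if ch == "Z" and nxt.isdigit():
                m = _TUPLE.match(sym, i)
                if m:
                    k = int(m.group(1))
                    out.append("()" if k == 0 else "(" + "," * (k - 1) + ")")
                    i = m.end()
                    continue
            esc = _Z_ESCAPES.get(sym[i:i + 2])
            if esc is not None:
                out.append(esc)
                i += 2
                continue
        out.append(ch)
        i += 1
    return "".join(out)


def ghc_triage(blob: bytes) -> Dict[str, object]:
    """Report GHC runtime indicators and decoded Haskell symbol names."""
    indicators = [ind.decode("ascii") for ind in _INDICATORS if ind in blob]
    decoded: List[str] = []
    for m in _SYMBOL_RE.finditer(blob):
        sym = m.group().decode("ascii")
        if _GHC_SYMBOL.match(sym):
            decoded.append(z_decode(sym))
    return {
        "likely_ghc": len(indicators) >= 2 or bool(decoded),
        "indicators": indicators,
        "decoded_symbols": sorted(set(decoded)),
    }


# Constructed samples: a fake ELF-ish blob with GHC leftovers, and one without.
SAMPLE_GHC = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"base_GHCziBase_map_closure\x00"
    + b"ghczmprim_GHCziTypes_ZC_con_info\x00"
    + b"stg_ap_p_fast\x00hs_init\x00\x90\x90\xcc"
)
SAMPLE_OTHER = b"\x7fELF" + b"\x00" * 12 + b"printf\x00malloc\x00__libc_start_main\x00"

if __name__ == "__main__":
    for name, blob in (("ghc", SAMPLE_GHC), ("other", SAMPLE_OTHER)):
        print(name, ghc_triage(blob))
```

On a real file you would pass `open(path, "rb").read()` to `ghc_triage`; the decoded names (package, module and binding, e.g. `base_GHC.Base_map_closure`) are what a disassembler shows once symbols are restored, which is why stripping and obfuscation matter more to a Haskell sample's stealth than the compiler's output structure on its own.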

All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.