| profession | Reverse Engineer |
| web | http://www.williballenthin.com |
| location | Wiesbaden, DE |
| pronouns | He/Him |
🦀 New Rust reversing article! Let's take a look at a simple loader for some infostealer malware, distributed via a "can you try my game" scam on Discord. But it's Rust, so is it really simple? This malware sample has a few twists!
https://cxiao.net/posts/2025-08-17-not-so-simple-rust-loader/
Along the way, I'll go into detail about how threads, dynamic dispatch, and types work in Rust binaries. It may be helpful for your next Rust reversing adventure!
Thanks very much to @0xabad1dea and @demize for providing the sample!
Edit: The infostealer delivered here is actually a known one, called Myth Stealer! You can read more about the stealer payload in Trellix's article, Demystifying Myth Stealer: A Rust Based InfoStealer. Thank you to one of the article authors for reaching out to me about it!
#malware #rust #rustlang #infosec #ReverseEngineering #MalwareAnalysis #infostealer
The DWARF debug format is well-known for debugging executables,
but it is also an effective format for sharing reverse engineering information
across various tools, such as IDA, BinaryNinja, Ghidra, and Radare2.
In this blog post, I introduce a new high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.
https://lief.re/blog/2025-05-27-dwarf-editor/
(Bonus: The blog post includes a DWARF file detailing my reverse engineering work on DroidGuard)
You can now check your strings in #malcat against an online library of #Malpedia FLOSSed strings. Just copy this plugin:
https://github.com/malpedia/malpedia-flossed?tab=readme-ov-file#plugin-for-malcat
Hi Rust reversing fans - the recording of my talk at @REverseConf: Reconstructing Rust Types: A Practical Guide for Reverse Engineers, is available for you to watch!
https://www.youtube.com/watch?v=SGLX7g2a-gw
#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec
Here are my notes on using a Python virtual environment with IDA Pro:
https://williballenthin.com/post/using-a-virtualenv-for-idapython/