Miscreants warming to Delphi, Haskell, and the like to evade detection

Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.

Computer scientists affiliated with the University of Piraeus and Athena Research Center in Greece and Delft University of Technology in the Netherlands have taken a look at recent malware to better understand why some of it gets missed by static analysis – a software testing technique for understanding code without executing it.

The authors – Theodoros Apostolopoulos, Vasilios Koutsokostas, Nikolaos Totosis, Constantinos Patsakis, and Georgios Smaragdakis – describe their findings in a preprint paper titled, "Coding Malware in Fancy Programming Languages for Fun and Profit."

There is a lot of malware – almost 26 million new instances of malicious code just in 2025, according to antivirus evaluators AV-TEST. And one of the main ways to identify bad code is static analysis.

Malware authors know this and many make an effort to obfuscate their code or to apply ...