New Buer Malware Downloader Rewritten in E-Z Rust Language
#1
Information 
Quote:A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks.
 
Using the increasingly popular, efficient and easy-to-use Rust programming language will help the malware to slip past detection, Proofpoint researchers said in a post on Monday morning. The rigged emails are coming in two flavors. One is written in the more typical C programming language. The other’s written in Rust: a tactical shift that will help it tiptoe past detection in order to get more clicks.
 
Buer is what’s known as a first-stage downloader: a chunk of malware sold on the underground that threat actors use to get a foothold into compromised networks. These attack tools install other types of malware
during and after phishing campaigns. Proofpoint research shows that these downloaders have become increasingly beefy over the past two years, boasting ever-more advanced profiling and targeting capabilities.
 
Proofpoint first came across Buer in 2019, and its researchers spotted the new variant in early April. This is what the DHL-themed, boobytrapped email looks like:
 
Any unfortunates who click on the malicious Microsoft Word or Excel attachment will trigger a drop of the new, Rust-written Buer variant, which researchers are calling RustyBuer. It’s cutting a wide path across the internet: More than 200 organizations across more than 50 verticals have been hit by the campaign, Proofpoint says.

Read more: Buer Malware Tool Rewritten in E-Z Rust Language | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.5 Both no...Kool — 09:45
Opera 115.0.5322.119
Version 115.0.5322...harlan4096 — 09:16
AdGuard Browser Extension 4.4.49 (MV2)
AdGuard Browser Ex...harlan4096 — 09:13
Hasleo Backup Suite 5.0
Hasleo Backup Suit...harlan4096 — 09:12
NVIDIA GeForce display driver Hotfix 566...
GeForce Hotfix Dri...harlan4096 — 09:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>