The world of malware has a new rising star - and that's a big problem


Karlston


A new malware-as-a-service offering has been discovered by cybersecurity firm Sophos, providing an alternative to other well-known malware loaders like Emotet and BazarLoader. Buer, as the new malware has been dubbed, was first discovered in August 2019, when it was used to compromise Windows PCs, acting as a gateway for further attacks to follow.

 

“Buer was first advertised in a forum post on August 20, 2019 under the title “Modular Buer Loader”, described by its developers as 'a new modular bot…written in pure C' with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers),” Sean Gallagher, a Senior Threat Researcher at Sophos, explained. “For $350 (plus whatever fee a third-party guarantor takes), a cybercriminal can buy a custom loader and access to the C&C panel from a single IP address - with a $25 charge to change that address. Buer’s developers limit users to two addresses per account.”

 

Buer comes with bot functionality, specific to each download. The bots can be configured depending on a variety of filters, including whether the infected machine is 32 or 64 bit, the country where the exploit is taking place and what specific tasks are required.

A new threat

In September, Sophos discovered Buer as the root cause of a Ryuk ransomware attack, with the malware delivered via Google Docs and requiring the victim to enable scripted content in order to work. In this respect, Buer mimics Emotet and other loader malware variants.

 

Buer uses a stolen certificate issued by a Polish software developer in order to evade detection and checks for the presence of a debugger to ensure forensic analysis can be avoided. 

 

Nevertheless, there are ways for individuals to protect themselves. Remaining vigilant against phishing attacks is essential, as is ensuring that the latest antivirus software is installed.

 

 

12 hours ago, Karlston said:

(which can be run on Linux servers)

 

Oh my goodness.....that's why some people never encourage that Mono be installed on Linux.
