Cybersecurity researchers have uncovered a new variant of a known malware that has been rewritten in the Rust programming language in order to better evade existing detection capabilities.
The Buer malware first emerged in 2019, and is used by threat actors to install a backdoor that can then be used to deliver other malware including ransomware.
The researchers from Proofpoint, who discovered the new variant written in Rust, have named it RustyBuer.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
“When paired with the attempts by threat actors leveraging RustyBuer to further legitimize their lures, it is possible the attack chain may be more effective in obtaining access and persistence,” the researchers say.
Delivered via email
The researchers latched onto a campaign that delivered RustyBuer via phishing emails supposedly from the DHL delivery company. As usual, the email asks users to download a Microsoft Word or Excel document in order to view details about their scheduled delivery.
Once downloaded, the document claims it is protected and asks users to enable editing, which is all it needs to unleash RustyBuer, which is embedded as a macro in the document.
The malware then establishes a persistent connection by using a shortcut file that runs at startup, which provides the attackers with a permanent backdoor into the computer.
Based on the frequency of RustyBuer campaigns that Proofpoint has observed, the researchers anticipate they’ll continue to see the new variant in the future.
Via ZDNet
