Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant, written in Rust, of a malware loader called “Buer,” illustrating how adversaries are constantly honing their malware toolsets to evade analysis.
Dubbed “RustyBuer,” the malware is propagated via emails masquerading as shipping notices from DHL Support, and is said to have affected no fewer than 200 organizations across more than 50 verticals since early April.
“The new Buer variant is written in Rust, an efficient and easy-to-use programming language that is becoming increasingly popular,” Proofpoint researchers said in a report shared with The Hacker News. “Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities.”
First introduced in August of 2019, Buer is a modular malware-as-a-service offering that’s sold on underground forums and used as a first-stage downloader to deliver additional payloads, providing initial compromise of targets’ Windows systems and allowing the attacker to establish a “digital beachhead” for further malicious activity. A Proofpoint analysis in December 2019 characterized Buer as a malware coded…