The world of malware has a new rising star - and that's a big problem


A fast-spreading malware-as-a-service offering could be providing an alternative to other well-known malware loaders like Emotet and BazarLoader, experts have warned. 

Buer was first discovered in August 2019, when it was used to compromise Windows PCs, acting as a gateway for further attacks to follow.

Each Buer build is generated for the buyer who purchases it, and the bot it installs can be tasked according to a variety of filters, including whether the infected machine is 32- or 64-bit, the country in which the infected machine is located, and which specific tasks the operator wants it to carry out.

“Buer was first advertised in a forum post on August 20, 2019 under the title ‘Modular Buer Loader’, described by its developers as ‘a new modular bot…written in pure C’ with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers),” Sean Gallagher, a Senior Threat Researcher at Sophos, explained.

“For $350 (plus whatever fee a third-party guarantor takes), a cybercriminal can buy a custom loader and access to the C&C panel from a single IP address - with a $25 charge to change that address. Buer’s developers limit users to two addresses per account.”

A new threat

In September, Buer was identified as the initial foothold in a Ryuk ransomware attack: the loader was delivered through a document link hosted on Google Docs and required the victim to enable scripted content in the document before it would run. In this respect, Buer mimics Emotet and other loader malware variants.

Buer is signed with a stolen code-signing certificate issued to a Polish software developer in order to evade detection, and it checks for the presence of a debugger so that it can bail out before an analyst can step through it.
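The debugger check mentioned above is a standard anti-analysis trick. The following is an added illustration, not Buer's code and not Sophos's: a Linux analogue of the Win32 IsDebuggerPresent() test, reading the TracerPid field the kernel exposes in /proc/self/status. The function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative debugger-presence check (added example, not Buer's code).
 * On Linux the kernel records the PID of any ptrace-based tracer (gdb,
 * strace, ltrace) in /proc/self/status as "TracerPid:"; 0 means none.
 * Parsing is split out so it can be exercised on constructed input. */
int tracer_pid_from_status(const char *status_text)
{
    const char *p = strstr(status_text, "TracerPid:");
    if (!p)
        return -1;                      /* field missing: report unknown */
    return atoi(p + strlen("TracerPid:"));
}

/* Returns 1 if a tracer is attached to this process, 0 otherwise.
 * A loader such as the one described would typically exit or sleep
 * forever on 1; an analyst defeats the check by patching the branch
 * or by hiding the tracer. */
int debugger_attached(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return 0;                       /* no procfs: assume not traced */
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf) > 0;
}

int main(void)
{
    /* Constructed sample of the relevant /proc line, for demonstration. */
    const char sample[] = "Name:\tloader\nTracerPid:\t4242\nUid:\t1000\n";
    printf("parsed TracerPid from sample: %d\n",
           tracer_pid_from_status(sample));

    if (debugger_attached()) {
        puts("debugger detected: a loader would refuse to run here");
        return 1;
    }
    puts("no debugger attached: continuing");
    return 0;
}
```

Run the binary normally and then under gdb or strace to see the two branches; the same idea on Windows reads the BeingDebugged flag that IsDebuggerPresent() exposes.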

Nevertheless, there are ways for individuals to protect themselves. Remaining vigilant against phishing emails and refusing to enable macros in unexpected documents is essential, as is keeping endpoint protection software up to date.

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 
