The world of malware has a new rising star - and that's a big problem

(Image credit: Pixabay)

A fast-spreading malware-as-a-service offering could be providing an alternative to other well-known malware loaders like Emotet and BazarLoader, experts have warned. 

Buer was first discovered in August 2019, when it was used to compromise Windows PCs, acting as a gateway for further attacks to follow.

Buer comes with bot functionality, specific to each download. The bots can be configured depending on a variety of filters, including whether the infected machine is 32 or 64 bit, the country where the exploit is taking place and what specific tasks are required.

“Buer was first advertised in a forum post on August 20, 2019 under the title “Modular Buer Loader”, described by its developers as 'a new modular bot…written in pure C' with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers),” Sean Gallagher, a Senior Threat Researcher at Sophos, explained

“For $350 (plus whatever fee a third-party guarantor takes), a cybercriminal can buy a custom loader and access to the C&C panel from a single IP address - with a $25 charge to change that address. Buer’s developers limit users to two addresses per account.”

A new threat

In September, Buer was found at the root cause of a Ryuk ransomware attack, with the malware delivered via Google Docs and requiring the victim to enable scripted content in order to work. In this respect, Buer mimics Emotet and other loader malware variants.

Buer uses a stolen certificate issued by a Polish software developer in order to evade detection and checks for the presence of a debugger to ensure forensic analysis can be avoided. 

Nevertheless, there are ways for individuals to protect themselves. Remaining vigilant against phishing attacks is essential, as is ensuring that the latest antivirus software is installed.

TOPICS
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.