New Buer Malware Downloader Rewritten in E-Z Rust Language
Quote: A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks.
 
Using the increasingly popular, efficient and easy-to-use Rust programming language will help the malware to slip past detection, Proofpoint researchers said in a post on Monday morning. The rigged emails are coming in two flavors. One is written in the more typical C programming language. The other’s written in Rust: a tactical shift that will help it tiptoe past detection in order to get more clicks.
 
Buer is what’s known as a first-stage downloader: a chunk of malware sold on the underground that threat actors use to get a foothold into compromised networks. These attack tools install other types of malware during and after phishing campaigns. Proofpoint research shows that these downloaders have become increasingly beefy over the past two years, boasting ever-more advanced profiling and targeting capabilities.
 
Proofpoint first came across Buer in 2019, and its researchers spotted the new variant in early April. This is what the DHL-themed, boobytrapped email looks like:
 
Any unfortunates who click on the malicious Microsoft Word or Excel attachment will trigger a drop of the new, Rust-written Buer variant, which researchers are calling RustyBuer. It’s cutting a wide path across the internet: More than 200 organizations across more than 50 verticals have been hit by the campaign, Proofpoint says.

Read more: Buer Malware Tool Rewritten in E-Z Rust Language | Threatpost