A Rust-based Buer Malware Variant Has Been Spotted in the Wild
2021-05-03 20:42

Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called "Buer" written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis.

"Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities."

A Proofpoint analysis in December 2019 characterized Buer as a malware coded entirely in C, using a control panel written in.

In September 2020, the operators behind Ryuk ransomware were found using the Buer malware dropper as an initial access vector in a spam campaign directed against an unnamed victim.

The new maldoc campaign follows a similar modus operandi, using DHL-themed phishing emails to distribute weaponized Word or Excel documents that deliver the Rust variant of Buer loader.

The "unusual" departure from the C programming language means Buer is now capable of circumventing detections that are based on features of the malware written in C. "The rewritten malware, and the use of newer lures attempting to appear more legitimate, suggest threat actors leveraging RustyBuer are evolving techniques in multiple ways to both evade detection and attempt to increase successful click rates," the researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/CbZFRJaCdOQ/a-new-buer-malware-variant-has-been.html