Security News > 2021 > May > New Buer Malware Downloader Rewritten in E-Z Rust Language

A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks.

Using the increasingly popular, efficient and easy-to-use Rust programming language will help the malware to slip past detection, Proofpoint researchers said in a post on Monday morning.

Buer is what's known as a first-stage downloader: a chunk of malware sold on the underground that threat actors use to get a foothold into compromised networks.

Researchers say that the new, completely rewritten Rust variant is an unusual departure from malware developers' far more common preference of the C programming language.

Fellow Rust fans include Microsoft, which joined the Rust Foundation in February and is increasingly using the language in products.

"Rewriting the malware in Rust can enable the threat actor to evade existing Buer detections that are based on features of the malware written in C.".

News URL

https://threatpost.com/buer-malware-loader-rewritten-rust/165782/