Cybersecurity researchers have uncovered a new variant of a known malware that has been rewritten in the Rust programming language in order to better evade existing detection capabilities.
The Buer malware first emerged in 2019, and is used by threat actors to install a backdoor that can then be used to deliver other malware including ransomware.
The researchers from Proofpoint, who discovered the new variant written in Rust, have named it RustyBuer.
“When paired with the attempts by threat actors leveraging RustyBuer to further legitimize their lures, it is possible the attack chain may be more effective in obtaining access and persistence,” the researchers say.
Delivered via email
The researchers observed a campaign that delivered RustyBuer via phishing emails purporting to come from the DHL delivery company. As usual, the email asks users to download a Microsoft Word or Excel document in order to view details about their scheduled delivery.
Once downloaded, the document claims it is protected and asks users to enable editing. That is all it takes to unleash RustyBuer, which is embedded as a macro in the document.
The malware then establishes a persistent connection by using a shortcut file that runs at startup, which provides the attackers with a permanent backdoor into the computer.
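The startup-shortcut persistence described above can be hunted for in file-creation telemetry. The following is an added example, not code from Proofpoint or the original article: it assumes Sysmon FileCreate events (Event ID 11) exported as JSON lines with the `Image`, `TargetFilename` and `UtcTime` fields, and the writer allowlist, severity labels and sample events are constructed for illustration.

```python
import json
import ntpath
import re

# Per-user and all-users Startup folders share this path suffix.
STARTUP_LNK = re.compile(
    r"\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+\.lnk$",
    re.IGNORECASE,
)
# Assumed policy, not from the article: tune both sets per environment.
OFFICE_WRITERS = {"winword.exe", "excel.exe"}
EXPECTED_WRITERS = {"explorer.exe", "msiexec.exe"}

def triage_startup_shortcuts(json_lines):
    """Return findings for .lnk files created in a Startup folder."""
    findings = []
    for line in json_lines:
        if not line.strip():
            continue
        event = json.loads(line)
        target = event.get("TargetFilename", "")
        # Sysmon Event ID 11 is FileCreate; ignore everything else.
        if event.get("EventID") != 11 or not STARTUP_LNK.search(target):
            continue
        writer = ntpath.basename(event.get("Image", "")).lower()
        if writer in EXPECTED_WRITERS:
            continue
        # A shortcut dropped by the Office process itself ranks highest.
        severity = "high" if writer in OFFICE_WRITERS else "medium"
        findings.append({"time": event.get("UtcTime"), "writer": writer,
                         "shortcut": target, "severity": severity})
    return findings

def _event(event_id, image, target):
    # Builds one constructed JSON line; the timestamp is a placeholder.
    return json.dumps({"EventID": event_id, "UtcTime": "2000-01-01 00:00:00",
                       "Image": image, "TargetFilename": target})

STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE = [  # constructed events, not real telemetry
    _event(11, OFFICE + r"\EXCEL.EXE", STARTUP + r"\update.lnk"),
    _event(11, r"C:\Users\alice\AppData\Local\Temp\loader.exe", STARTUP + r"\sync.lnk"),
    _event(11, r"C:\Windows\explorer.exe", STARTUP + r"\Notes.lnk"),
    _event(11, OFFICE + r"\WINWORD.EXE", r"C:\Users\alice\Documents\report.docx"),
]

if __name__ == "__main__":
    for finding in triage_startup_shortcuts(SAMPLE):
        print(finding)
```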
Based on the frequency of RustyBuer campaigns that Proofpoint has observed, the researchers anticipate they’ll continue to see the new variant in the future.
Via ZDNet