Buer malware rewritten in Rust language to curb detection


Ferris, the Rust mascot

Developers of the malicious downloader Buer have taken the unusual step of rewriting the malware in the lesser-known Rust programming language, presumably to avoid detection while also potentially slowing down investigative analysis.


While it’s fairly common to find malware written in C, C++, Python and Java, threat actors have also been known to experiment with more obscure languages as a means to stay ahead of detection and forensics. But “it is unusual to see common malware written in a completely different way,” according to a blog post this week from Proofpoint.


Buer is traditionally written in the C language and is often used to deliver second-stage payloads, especially Cobalt Strike and its Beacon feature, which can help pave the way for a ransomware attack. Buer can theoretically also be used by initial access brokers to compromise systems and then sell their foothold on the black market.


Proofpoint researchers have named the newly rewritten variant RustyBuer after discovering phishing campaigns attempting to distribute the Rust version of the malware to more than 200 organizations, via emails purporting to be from DHL Suppo ..
