image
A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine. Using the increasingly popular, efficient and easy-to-use Rust programming language will help the malware to slip past detection, Proofpoint researchers said in a post on Monday morning. The rigged emails are coming in two flavors. One is written in the more typical C programming language. The other’s written in Rust: a tactical shift that will help it tiptoe past detection in order to get more clicks. Buer is what’s known as a first-stage downloader: a chunk of malware sold on the underground that threat actors use to get a foothold into compromised networks. These attack tools install other types of malware during and after phishing campaigns. Proofpoint research shows that these downloaders have become increasingly beefy over the past two years, boasting ever-more advanced profiling and targeting capabilities. Proofpoint first came across Buer in 2019, and its researchers spotted the new variant in early April. This is what the DHL-themed, boobytrapped email looks like: Any unfortunates who click on the…

Source