Cybersecurity: Watch out for Buer malware loader


The Buer malware loader is an addition to hackers' toolkits, which already include Emotet and BazarLoader. The cybersecurity firm Sophos has issued an extensive report on the new malware.

Buer was discovered in August 2019, when it was used to compromise Windows PCs by opening the doorway to other attacks. 

Sean Gallagher, a senior threat researcher at Sophos, explained that Buer is a malware-as-a-service offering, which was “first advertised in a forum post on August 20, 2019, under the title ‘Modular Buer Loader.’ Its developers described it as ‘a new modular bot…written in pure C’ with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers).”

“For $350 (plus whatever fee a third-party guarantor takes), a cybercriminal can buy a custom loader and access to the C&C panel from a single IP address – with a $25 charge to change that address. Buer’s developers limit users to two addresses per account,” he added.

The new malware has bot functionality that works with each download. Buer bots can be configured depending on which filters they will encounter. They can also be set up to take into account the country in which the attack is taking place and the specific tasks required to successfully exploit the system.

New malware loader threat 

Last month, Sophos determined that Buer was the root cause of a Ryuk ransomware attack's success. The malware was delivered through Google Docs, and the victim had to enable scripted content in Google Docs for the attack to start.