Cybersecurity: Watch out for Buer malware loader


The Buer malware loader is an addition to hackers toolkits which already include Emotet and BazarLoader. A cybersecurity firm, Sophos has issued an extensive report on new malicious malware.

Buer was discovered in August 2019, when it was used to compromise Windows PCs by opening the doorway to other attacks. 

Sean Gallagher, a senior threat researcher at Sophos explained that Buer is a malware-as-a-service, which was “first advertised in a forum post on August 20, 2019, under the title “Modular Buer Loader.” Its developers described it as ‘a new modular bot…written in pure C’ with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers).”

Signup for the USA Herald exclusive Newsletter

 “For $350 (plus whatever fee a third-party guarantor takes), a cybercriminal can buy a custom loader and access to the C&C panel from a single IP address – with a $25 charge to change that address. Buer’s developers limit users to two addresses per account,” he added.

The new malware has bot functionality that works with each download. Bauer bots can be configured depending on which filters it will encounter. Also, it can be formatted to consider which country the attack is taking place and which specific tasks are required to successfully exploit the system.

New malware loader threat 

Last month Sophos determined Buer was the root cause that a Ryuk ransomware attack was successful. The malware was delivered through Google Docs which required the hacking victim to enable gdocs scripted content to start the attack.

It works like Emotet and other types of malware loaders. The Buer malware loader uses a stolen certificate that was issued by a Poland-based developer. The certificate helps it to avoid detection. Buer also analyzes the attack environment to determine the presence of debugging software to make certain its presence can’t be easily traced through computer forensics after the attack.

Protecting your system from ransomware attacks

Cybersecurity is not just for big companies. 

In order to protect from a Buer malware attack, the user is the first line of defense. It’s important that you remain cautious regarding phishing attacks. If there is any question don’t open that email. Or with Buer be vigilant about your Google Docs.

If you don’t expect an email, don’t open that email. If you don’t know who an email is from, don’t open it. If you didn’t create the google document, don’t open it!

Make sure your system has the latest antivirus software installed. All your devices that go online need ransomware protection. Good ransomware protection software includes Bitdefender Antivirus Plus,  AVG Antivirus, Avast Antivirus, Webroot SecureAnywhere Antivirus, ESET NOD32 Antivirus.

Once you have been hit with a ransomware attack it can be really difficult to remove any malware. Buer malware loader, Emotet, or BazerLoader are all destructive.

Most good antivirus software and anti-malware software will have built-in protection against ransomware.

Back your files up to the cloud. If most of your import files are housed offline, or saved to a cloud storage system, that makes it easier. If you get hit by a ransomware attack, those saved files can be recovered. Just access your backed-up files from a different computer or device.

Any smart business will have a complete hack-attack plan. Businesses prepare and maintain recovery software platforms ensuring that a  ransomware attack that gets past their existing security endpoint will still leave them with the ability to recover everything from a recent or a real-time backup.

Ransomware protection is more vital than ever before. With the techno-pandemic, there has been a marked increase in ransomware attacks. Any computer that goes online needs protection. Remember that the best protection against any malware is to avoid the infection altogether.


Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.