Remover saferpass 12/16/2023
Attackers are using a freshly updated variant of the Buer first-stage malware loader rewritten in the Rust programming language to help evade detection, the security firm Proofpoint reports.
[Figure: A malicious attachment containing RustyBuer malware (Source: Proofpoint)]
In April, researchers observed the loader, dubbed RustyBuer, being distributed via emails purporting to be DHL shipping support notices. Proofpoint says a gang likely developed the malware to sell to others on darknet marketplaces. RustyBuer is capable of exfiltrating information from a targeted system.
"The new strain is completely rewritten in a coding language called Rust, a departure from the previous C programming language. It is unusual to see common malware written in a completely different way," the researchers say.
Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, says the language switch didn't alter the malware's functionality or capability. "However, rewriting malware can enable a threat actor to evade existing detections," she says. "For example, RustyBuer uses its own TLS library. While the malware executed as expected, we had to make a few adjustments so that we could see all of the command-and-control communications."
Due to its efficiency and broad feature set, Rust is becoming a widely used programming language. By using this language, RustyBuer can better evade existing Buer detection capabilities, Proofpoint says. Proofpoint recently detected emails with RustyBuer targeting over 200 organizations in 50 industries.
The attackers are using the malware to establish a beachhead inside a system, and in some cases, these attackers then opt to sell this access to others who go on to implant additional malware, including Cobalt Strike and ransomware, Proofpoint says.
Sophos had tracked Buer being used to drop Ryuk in October 2020 (see: Ryuk Ransomware Updated With 'Worm-Like Capabilities'). Researchers first observed Buer in 2019, Proofpoint notes.
The Buer and RustyBuer campaigns use DHL-themed phishing emails containing a malicious Microsoft Word or Excel document. In the most recent campaign, attackers improved the social engineering behind the email lure by including more details aimed at enticing recipients to click on the malicious files, Proofpoint says.