A new malware-as-a-service offering has been discovered by cybersecurity firm Sophos, providing an alternative to other well-known malware loaders like Emotet and BazarLoader.
Buer, as the new malware has been dubbed, was first discovered in August 2019, when it was used to compromise Windows PCs, acting as a gateway for further attacks to follow.
“Buer was first advertised in a forum post on August 20, 2019 under the title “Modular Buer Loaderâ€, described by its developers as 'a new modular bot…written in pure C' with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers),†Sean Gallagher, a Senior Threat Researcher at Sophos, explained.
In September, Sophos discovered Buer as the root cause of a Ryuk ransomware attack, with the malware delivered via Google Docs and requiring the victim to enable scripted content in order to work.
In this respect, Buer mimics Emotet and other loader malware variants.
USA
Australia
France
Germany
Russia
India
Canada