A new malware-as-a-service with bot functionality is becoming more widely available, ready to pave the way for further malicious activity…
A fast-spreading piece of malware is circulating on the net, offered as malware-as-a-service. It provides an alternative to more well-known malicious programs, such as Emotet and BazarLoader, digital security experts warn. What makes it so dangerous is its ability to compromise security protocols, infect machines, and open up avenues for subsequent threats, such as ransomware attacks.
Buer Loader Malware, Equipped with Bot Functionality, Poses Huge Threat, Cybersecurity Experts Warn
It’s known as the Buer loader, and was first discovered in August 2019. At the time, it was used to compromise Windows PCs, acting as a gateway for ensuing attacks. Buer comes equipped with bot functionality, which can be customized for each download. The bots can be configured with a variety of filters, including whether the target computer is 32-bit or 64-bit. They can also be tailored to the country where the exploit unloads and to the specific tasks hackers require.
Back in September, security researchers found Buer to be the root cause of a Ryuk ransomware attack. The malware was delivered through Google Docs, requiring the victim to enable scripted content to work with the files. Buer is readily available and fairly easy to use. Sean Gallagher, a Senior Threat Researcher at Sophos, explains:
“For $350 (plus whatever fee a third-party guarantor takes), a cybercriminal can buy a custom loader and access to the C&C panel from a single IP address – with a $25 charge to change that address. Buer’s developers limit users to two addresses per account.”