Rust used for rewriting Buer malware; here’s why

A new variant of the Buer malware loader, rewritten in Rust, has been identified. This is a massive change from the C programming language and reflects a trend that is increasingly being followed.

Buer, as observed back in 2019, is a downloader used to gain a foothold in compromised networks in order to distribute other malware. The new variant, known as RustyBuer, is used in a campaign that sends out emails disguised as coming from DHL support. These emails link to a malicious Microsoft Word or Excel document that uses macros to drop the malware.

Researchers have stated that it is not common for malware to be written in such a different way. While Buer and RustyBuer use similar email lures, the RustyBuer attachments contain more information intended to manipulate users.

It is still not clear why the Buer attackers invested so much time in rewriting the malware in a new language. Researchers have pointed out two possible reasons. One is that Rust is a very popular programming language and comes equipped with more features than the C programming language.

Another reason could be that developing the malware in Rust benefits the attackers because it can bypass existing Buer detections, which were based on the C language.

The rewritten malware, as well as the new lures that appear more genuine, shows that the attackers using RustyBuer are coming up with new techniques to avoid detection and boost the number of clicks.