Most followers of malware news have certainly heard of Emotet. Emotet belongs to an extensive family of malware known as bots or zombies: malware that regularly and quietly connects to Command & Control (C&C) servers operated by criminals. Zombies generally upload details of each network they infect and download instructions on what to do next.
A collection of zombified computers on the same set of C&C servers is known as a botnet, short for robot network, because crooks that control those C&C servers can send commands to one, many or all of those infected computers simultaneously.
Now, a newer and fast-spreading malware-as-a-service offering could provide an alternative to other well-known malware loaders like Emotet and BazarLoader, according to experts. The Buer Loader was first discovered in August of 2019 when it was used to compromise Windows PCs. Buer arrives equipped with bot functionality, which is specific to each download.
According to Sean Gallagher, a Senior Threat Researcher at Sophos, “Buer was first advertised in a forum post on August 20, 2019 under the title ‘Modular Buer Loader’, described by its developers as ‘a new modular bot…written in pure C’ with command and control (C&C) server code written in .NET Core MVC (which can be run on Linux servers). For $350 (plus whatever fee a third-party guarantor takes), a cybercriminal can buy a custom loader and access to the C&C panel from a single IP address – with a $25 charge to change that address. Buer’s developers limit users to two addresses per account.”
In September of 2020, the Buer Loader was found to be at the root of a Ryuk ransomware attack in which the malware was delivered via Google Docs and required the victim to enable scripted content in order to run. In this way, Buer mimics Emotet and other loader malware. Buer is signed with a stolen certificate issued to a Polish software developer to evade detection, and it checks for the presence of debuggers in order to hinder forensic analysis.
Although these attacks are increasing in frequency, there are always ways for individuals and businesses to protect themselves, including remaining vigilant against phishing attacks and ensuring that the latest anti-malware software is installed.
If you are still having trouble, consider contacting remote technical support options.