Buer

Posted: December 6, 2019

Buer is a Trojan downloader that installs other threats onto your computer, with the payloads chosen by the third-party threat actors renting its services. Buer includes significant defenses against detection by casual methods and failsafe checks for selecting intended targets. Users can protect themselves with safe behavior around e-mail and Web advertisements, and can use updated anti-malware solutions for blocking or deleting Buer.

A Hostile Delivery from Russia to the Rest of the World

An in-depth analysis of the code of a new product on Black Hat forums shows that Russian programmers continue playing roles in facilitating Trojan campaigns, though not necessarily with their government's approval. Buer is another 'delivery man' style Trojan that provides downloading services for installing other threats. Criminals are using it for propagating software with data-collecting features, like Trojan.TrickBot and KPOT Stealer, which target bank accounts and passwords. Although its goals are prosaic enough, Buer has various extras showing the priorities and marketing plan of its author.

Buer campaigns are using two broad strategies for infiltrating their targets: spam e-mails or malvertising. The former often uses disguised documents with macros and, in some cases, intermediary drive-by-download threats like the Fallout Exploit Kit. Adding further complexity to the attacks, malware experts also see some scenarios where Buer drops other Trojans with independent threat-downloading capabilities, like SmokeLoader.

However, before Buer runs its primary functions, it checks for VMs and other telltale signatures of analysis environments. Buer also contains further prerequisites concerning the geolocation of the hardware and will not run on devices in Russia or nearby nations. While Buer isn't programmed flawlessly, its code displays significant sophistication, contrasting with other Trojan downloaders operating in the Russian black hat software scene.

How the Business Side of Buer Impacts You

The four hundred USD fees for Buer are affordable to many threat actors, as the Trojan's proliferation in 2019's winter season shows. Unfortunately, malware analysts also confirm Buer's compatibility with more targets than just the average Windows PC. Buer also may run in macOS or Linux and has Docker container support for helping it spread to other systems rapidly. Meanwhile, its .NET admin panel UI is, as usual, a user-friendly experience, and lets criminals control their downloads without much programming expertise.

Systems in former Soviet Union nations shouldn't experience any direct impact from Buer. However, many campaigns using infection vectors like Buer's will include alternative payloads for different users in various countries. Operating in a Virtual Machine is also an effective means of protection, but doing so could be impractical for many users.

Victims that scan their e-mail attachments and other downloads through proper security solutions should find and delete Buer or Trojans related to its installation immediately. This Trojan does include Registry persistence that it maintains on a looping basis, and users should assume it's active unless they've taken steps for disinfecting the system.

Buer's use of creative elements like Docker containers, and its more traditional behaviors like avoiding targeting fellow Russians, make it a strong example of the Trojan downloading industry going forward. Geopolitical entities inevitably play roles in cyber-warfare, whether as 'good guys,' villains, or neutral, uninvolved parties.