Security firm Proofpoint says attackers are using a newly updated variant of the Buer first-stage malware loader to evade detection. The loader, dubbed RustyBuer, is being distributed via emails purporting to be DHL shipping support notices. The new strain is completely rewritten in a coding language called Rust, a departure from the previous C programming language. Rust is becoming a widely used programming language, and can better evade existing Buer detection capabilities, the researchers say. Proofpoint: New Code Makes ‘RustyBuer’ Version Harder to Detect.”]
Source: https://www.govinfosecurity.com/buer-dropper-malware-updated-using-rust-a-16512