Security Experts Track the New Buer Loader

On August 28, 2019, security experts spotted a campaign that involved malicious email messages pretending to be email replies to earlier messages. These emails had Microsoft Word attachments that downloaded the next stage payloads with the help of Microsoft Office macros. The next campaign was spotted on October 10, 2019, and targeted Australia. It was found to be redirecting to the Fallout Exploit Kit (EK) that dropped the new loader. Just a few days later, on October 21, 2019, another campaign came into the picture. This was yet another email campaign with Microsoft Word attachments. An advertisement was found for the Buer loader in an underground forum on August 16. The features added to the advertised loader was found to be used in the subsequent campaigns.