Cybersecurity researchers have uncovered a new Windows malware with worm-like capabilities that is propagated through removable USB devices.
Attributing the malware to a cluster called "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL."
The earliest signs of the activity are said to date back to September 2021, with infections observed in organizations with ties to the technology and manufacturing sectors.
Attack chains involving Raspberry Robin begin with connecting an infected USB drive to a Windows machine. Present on the device is the worm payload, which appears as a .LNK shortcut file pointing to a legitimate folder.
The worm then takes care of spawning a new process using cmd.exe to read and execute a malicious file stored on the external drive.
This is followed by launching explorer.exe and msiexec.exe, the latter of which is used for external network communication to a rogue domain for command-and-control (C2) purposes and to download and install a DLL library file.
The malicious DLL is subsequently loaded and executed using a chain of legitimate Windows utilities such as fodhelper.exe, rundll32.exe to rundll32.exe, and odbcconf.exe, effectively bypassing User Account Control (UAC).
Also common across Raspberry Robin detections is the presence of outbound C2 contact involving the processes regsvr32.exe, rundll32.exe, and dllhost.exe to IP addresses associated with Tor nodes.
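The process and network chain described above maps directly onto a handful of telemetry checks. The following Python is an added example written for this page, not code from Red Canary or from the original article: the event field names and the sample events are constructed to resemble Sysmon process-creation and network-connection records, the `removable_media` flag stands in for volume-type enrichment a real pipeline would add, and the Tor node IP set is a placeholder for a real feed.

```python
"""Detection logic for the Raspberry Robin chain described in the article.

Constructed example: event shapes loosely follow Sysmon event ID 1 (process
creation) and ID 3 (network connection) fields; none of this is real telemetry.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Placeholder for a Tor exit/relay IP feed (TEST-NET addresses, not real nodes).
TOR_NODE_IPS = {"198.51.100.7", "203.0.113.42"}

# Utilities the article reports making outbound C2 contact.
LOLBINS_WITH_C2 = {"regsvr32.exe", "rundll32.exe", "dllhost.exe"}


@dataclass
class Finding:
    rule: str
    event: Dict


def _image(path: str) -> str:
    """Return the lowercase file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events: Iterable[Dict]) -> List[Finding]:
    """Run each stage check over the events and return all matches."""
    findings: List[Finding] = []
    for ev in events:
        img = _image(ev.get("image", ""))
        parent = _image(ev.get("parent_image", ""))
        cmd = ev.get("command_line", "").lower()
        if ev["type"] == "process":
            # Stage 1: explorer.exe runs a shortcut that spawns cmd.exe to read
            # a file on removable media.
            if img == "cmd.exe" and parent == "explorer.exe" and ev.get("removable_media"):
                findings.append(Finding("cmd_from_removable_media", ev))
            # Stage 3: UAC bypass chain, fodhelper.exe spawning rundll32.exe.
            if img == "rundll32.exe" and parent == "fodhelper.exe":
                findings.append(Finding("fodhelper_spawns_rundll32", ev))
            # Stage 3: odbcconf.exe handed a DLL to load.
            if img == "odbcconf.exe" and ".dll" in cmd:
                findings.append(Finding("odbcconf_loads_dll", ev))
        elif ev["type"] == "network":
            # Stage 2: msiexec.exe reaching an external host to fetch the DLL.
            if img == "msiexec.exe" and not ev.get("dest_is_internal", False):
                findings.append(Finding("msiexec_external_connection", ev))
            # Stage 4: regsvr32/rundll32/dllhost contacting a Tor node address.
            if img in LOLBINS_WITH_C2 and ev.get("dest_ip") in TOR_NODE_IPS:
                findings.append(Finding("lolbin_to_tor_node", ev))
    return findings


def rule_names(events: Iterable[Dict]) -> List[str]:
    """Convenience wrapper returning only the rule names that fired, in order."""
    return [f.rule for f in detect(events)]


# Constructed sample telemetry: five malicious-looking events followed by
# three benign ones that must not trigger anything.
SAMPLE_EVENTS = [
    {"type": "process", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "cmd.exe /c E:\\<placeholder>", "removable_media": True},
    {"type": "network", "image": "C:\\Windows\\System32\\msiexec.exe",
     "dest_ip": "203.0.113.9", "dest_is_internal": False},
    {"type": "process", "image": "C:\\Windows\\System32\\rundll32.exe",
     "parent_image": "C:\\Windows\\System32\\fodhelper.exe", "command_line": "rundll32.exe"},
    {"type": "process", "image": "C:\\Windows\\System32\\odbcconf.exe",
     "parent_image": "C:\\Windows\\System32\\rundll32.exe",
     "command_line": "odbcconf.exe <constructed args> C:\\Users\\Public\\placeholder.dll"},
    {"type": "network", "image": "C:\\Windows\\System32\\rundll32.exe",
     "dest_ip": "198.51.100.7", "dest_is_internal": False},
    {"type": "network", "image": "C:\\Program Files\\Browser\\browser.exe",
     "dest_ip": "198.51.100.7", "dest_is_internal": False},
    {"type": "process", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\explorer.exe", "command_line": "cmd.exe /c dir"},
    {"type": "network", "image": "C:\\Windows\\System32\\msiexec.exe",
     "dest_ip": "10.0.0.5", "dest_is_internal": True},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f.rule, "->", f.event.get("image"))
```

The per-stage rules are deliberately independent so that any one of them firing is worth a look, while two or more firing on the same host within a short window is a strong signal of the full chain. The `msiexec.exe` network rule is the noisiest in environments that install software from external repositories, so it is the one to tune against an allow-list of expected hosts first.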
That said, the operators' objectives remain unanswered at this stage. It's also unclear how and where the external drives are infected, although it's suspected that it's carried out offline.
"We also don't know why Raspberry Robin installs a malicious DLL," the researchers said. "One hypothesis is that it may be an attempt to establish persistence on an infected system."