Microsoft warns Raspberry Robin malware is getting a lot sourer

The Raspberry Robin malware is being used to deliver all kinds of destructive code, including ransomware , to compromised endpoints , Micro...

The Raspberry Robin malware is being used to deliver all kinds of destructive code, including ransomware, to compromised endpoints, Microsoft has warned.

It seems the malware, first discovered late in 2021, and whose endgame was unknown at the time, transformed into an infection service available to anyone with cash to pay. 

Cybersecurity researchers from Microsoft have published a detailed blog post in which they describe Raspberry Robin as “part of a complex and interconnected malware ecosystem”, with links to other malware families and alternate infection methods. 

Infection for hire

Whoever is behind Raspberry Robin kept busy over these last couple of weeks, as according to Microsoft Defender for Endpoint data, almost 3,000 devices in 1,000 organizations have experienced at least one Raspberry Robin payload-related alert in the last 30 days. 

Payloads differ, the company further explained, from FakeUpdates malware which led to possible EvilCorp activity, to IceID, Bumblebee, and Truebot. This is all July 2022. 

In October 2022, though, Microsoft also spotted Raspberry Robin being used by FIN11 (AKA TA505, - the group behind the Dridex banking trojan and Locky ransomware). This activity led to Cobalt Strike hands-on-keyboard compromises, the company explained, sometimes with a Truebot infection in between the Raspberry Robin and Cobalt Strike stages. Following the Cobalt Strike beacon, the group deployed the Clop ransomware. 

All things considered, Microsoft concluded that the group behind Raspberry Robin is taking payments to deploy various malware and ransomware to its victims’ endpoints.

“Given the interconnected nature of the cybercriminal economy, it’s possible that the actors behind these Raspberry Robin-related malware campaigns—usually distributed through other means like malicious ads or email—are paying the Raspberry Robin operators for malware installs,” the report concludes.

Raspberry Robin was first identified when researchers from Red Canary discovered a “cluster of malicious activity”. The malware is usually distributed offline, via infected USB drives. After analyzing an infected thumb drive, the researchers discovered that the worm spreads to new devices via a malicious .LNK file. 



from TechRadar - All the latest technology news https://ift.tt/xGkw3gV
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8097,Trailers,796,Travel,37,Trending,4,Trendly News,24671,TrendlyNews,4,Video,5,XIAOMI,13,YouTube - 9to5Google,3,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Microsoft warns Raspberry Robin malware is getting a lot sourer
Microsoft warns Raspberry Robin malware is getting a lot sourer
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/11/microsoft-warns-raspberry-robin-malware.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/11/microsoft-warns-raspberry-robin-malware.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy