• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
raspberry robin worm evolves to attack financial and insurance sectors

Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe

You are here: Home / General Cyber Security News / Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe
January 3, 2023

Economical and insurance coverage sectors in Europe have been focused by the Raspberry Robin worm, as the malware proceeds to evolve its submit-exploitation capabilities although remaining underneath the radar.

“What is one of a kind about the malware is that it is heavily obfuscated and hugely complex to statically disassemble,” Security Joes reported in a new report revealed Monday.

The intrusions, noticed from Spanish and Portuguese-speaking businesses, are notable for amassing a lot more sufferer equipment information than previously documented, with the malware now exhibiting sophisticated procedures to resist evaluation.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Raspberry Robin, also termed QNAP worm, is becoming utilized by a number of menace actors as a signifies to achieve a foothold into target networks. Unfold by using contaminated USB drives and other procedures, the framework has been recently place to use in attacks aimed at telecom and government sectors.

Microsoft is tracking the operators of Raspberry Robin below the moniker DEV-0856.

Security Joes’ forensic investigation into 1 such attack has uncovered the use of a 7-Zip file, which is downloaded from the victim’s browser by using social engineering and is made up of an MSI installer file intended to drop a number of modules.

Raspberry Robin Worm

In an additional instance, a ZIP file is explained to have been downloaded by the victim through a fraudulent advertisement hosted on a domain which is identified to distribute adware.

The archive file, saved in a Discord server, contains encoded JavaScript code that, on execution, drops a downloader which is guarded with numerous layers of obfuscation and encryption to evade detection.

The shellcode downloader is generally engineered to fetch more executables, but it has also observed important updates that enables it to profile its victims to deliver correct payloads, in some circumstances even resorting to a type of trickery by serving bogus malware.

This requires collecting the host’s Universally Special Identifier (UUID), processor identify, connected display screen devices, and the range of minutes that have elapsed considering that process startup, along with the hostname and username details that was gathered by more mature versions of the malware.

The reconnaissance knowledge is then encrypted using a hard-coded important and transmitted to a command-and-handle (C2) server, which responds back again with a Windows binary that is then executed on the machine.

“Not only did we explore a model of the malware that is various situations far more complex, but we also found that the C2 beaconing, which utilized to have a URL with a plaintext username and hostname, now has a sturdy RC4 encrypted payload,” menace researcher Felipe Duarte stated.

Located this post attention-grabbing? Observe us on Twitter  and LinkedIn to examine additional unique articles we post.


Some sections of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Ukrainian Cops Bust Major Vishing Call Center
Next Post: LockBit Hands Ransomware Decryptor to Kids’ Hospital Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL
  • New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
  • UK insurer announces ‘world-first’ cyber catastrophe bond
  • Why Do User Permissions Matter for SaaS Security?
  • FCC plans strict overhaul of 15-year-old US data breach regulations
  • Security updates for Windows 7 finally end, users urged to upgrade
  • Global Cyber-Attack Volume Surges 38% in 2022
  • Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands
  • Threat Actors Spread RAT Via Pokemon NFT Card Site
  • FCC Wants to Accelerate Breach Reporting for Telcos

Copyright © TheCyberSecurity.News, All Rights Reserved.