New ‘Raspberry Robin’ Malware Spreading via External Drives

by VICKY, May 6, 2022

Attributing the malware to a group dubbed “Raspberry Robin,” Red Canary researchers found that it “leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.”
The earliest signs of the activity are believed to date to September 2021. The first infections were found in companies with connections to the manufacturing and technology sectors.

Attack chains associated with Raspberry Robin start when an infected USB drive is connected to a Windows machine. The drive contains the worm's payload, a .LNK shortcut file attached to a legitimate folder.
The worm then spawns a new process, using cmd.exe to open and run a malicious file stored on the drive.


It then launches explorer.exe and msiexec.exe, the latter of which is used for external network communication to an unauthenticated domain for command-and-control (C2) purposes, as well as to download and install a DLL library.
The malicious DLL is loaded and executed by a series of legitimate Windows tools such as fodhelper.exe, rundll32.exe to rundll32.exe, and odbcconf.exe, effectively bypassing User Account Control (UAC).

Another feature common to Raspberry Robin detections is outbound C2 contact involving three processes, regsvr32.exe, rundll32.exe, and dllhost.exe, to IP addresses associated with Tor nodes.
However, the operators' goals are not clear at the moment. It is also unclear how or exactly where the external drives are infected, though it is believed that the infection is carried out offline.

“We also don’t know why Raspberry Robin installs a malicious DLL,” the researchers claimed. “One hypothesis is that it may be an attempt to establish persistence on an infected system.”
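The process and network behaviours described above can be expressed as simple detection rules over endpoint telemetry. The following is an added example, not code from this article or from Red Canary; the event schema, host names, rule names, and the Tor node list (documentation-range placeholder addresses) are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal ranges; any other destination counts as external for the msiexec rule.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Placeholder Tor node list (constructed documentation-range addresses, not real nodes).
TOR_NODES = {"203.0.113.7", "198.51.100.23"}
# Processes the article names as making outbound C2 contact to Tor-associated IPs.
TOR_TALKERS = {"regsvr32.exe", "rundll32.exe", "dllhost.exe"}
# Parent -> child launches from the article's UAC-bypass chain.
LOLBIN_CHAINS = {("fodhelper.exe", "rundll32.exe"), ("rundll32.exe", "rundll32.exe")}

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def detect(events):
    """Return (rule, host, detail) tuples for behaviours named in the article."""
    hits = []
    for e in events:
        image = e["image"].lower()  # Windows image names are case-insensitive
        if e["type"] == "network":
            # msiexec.exe talking to an external address (baseline legitimate installs first).
            if image == "msiexec.exe" and is_external(e["dest_ip"]):
                hits.append(("msiexec_external_network", e["host"], e["dest_ip"]))
            if image in TOR_TALKERS and e["dest_ip"] in TOR_NODES:
                hits.append(("lolbin_to_tor_node", e["host"], f"{image} -> {e['dest_ip']}"))
        elif e["type"] == "process":
            parent = e["parent"].lower()
            if (parent, image) in LOLBIN_CHAINS:
                hits.append(("uac_bypass_chain", e["host"], f"{parent} -> {image}"))
            elif image == "odbcconf.exe":
                # Named in the article's chain; review the launch in context.
                hits.append(("odbcconf_launch", e["host"], f"{parent} -> {image}"))
    return hits

# Constructed sample events (hypothetical normalized process/network telemetry).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "image": "msiexec.exe", "parent": "cmd.exe"},
    {"type": "network", "host": "ws01", "image": "msiexec.exe", "dest_ip": "198.51.100.80"},
    {"type": "process", "host": "ws01", "image": "rundll32.exe", "parent": "fodhelper.exe"},
    {"type": "network", "host": "ws01", "image": "regsvr32.exe", "dest_ip": "203.0.113.7"},
    {"type": "network", "host": "ws02", "image": "msiexec.exe", "dest_ip": "10.1.2.3"},  # internal
    {"type": "process", "host": "ws02", "image": "rundll32.exe", "parent": "explorer.exe"},
]

if __name__ == "__main__":
    for rule, host, detail in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule} ({detail})")
```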

Copyright © 2023 Teqtive Solutions. All Right Reserved.