Security News > 2022 > September > New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers
Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group.
The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson said in a Thursday analysis.
"The Raspberry Robin loaders are DLLs that decode and execute an intermediate loader," Henson said.
IBM Security X-Force's comparative analysis of a 32-bit Raspberry Robin loader and a 64-bit Dridex loader uncovered overlaps in functionality and structure, with both components incorporating similar anti-analysis code and decoding the final payload in an analogous manner.
Dridex is the handiwork of Evil Corp and refers to a banking trojan with capabilities to steal information, deploy additional malware such as ransomware, and enslave compromised Windows machines into a botnet.
To mitigate Raspberry Robin infections, it's recommended that organizations monitor USB device connections and disable the AutoRun feature in the Windows operating system settings.
News URL
https://thehackernews.com/2022/09/new-evidence-links-raspberry-robin.html
Related news
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)