
New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers
2022-09-02 07:00

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group.

The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson said in a Thursday analysis.

"The Raspberry Robin loaders are DLLs that decode and execute an intermediate loader," Henson said.

IBM Security X-Force's comparative analysis of a 32-bit Raspberry Robin loader and a 64-bit Dridex loader uncovered overlaps in functionality and structure, with both components incorporating similar anti-analysis code and decoding the final payload in an analogous manner.

Dridex is the handiwork of Evil Corp: a banking trojan with capabilities to steal information, deploy additional malware such as ransomware, and enlist compromised Windows machines into a botnet.

To mitigate Raspberry Robin infections, which spread through infected USB drives, organizations are advised to monitor USB device connections and to disable the AutoRun feature in the Windows operating system settings.
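The two recommended controls, as an added example that is not from the original article or from IBM's report: a PowerShell script that sets the documented Explorer policy values that disable AutoRun and AutoPlay for all drive types, verifies them, and then enumerates the USB mass-storage devices the host has ever mounted (from the USBSTOR enumeration key) and those attached right now. The event-log query at the end is an assumption about which log and event ID your Windows build records for device configuration; treat it as a starting point and adjust it to what your telemetry actually exposes.

```powershell
# Added example, not code from the article. Run from an elevated PowerShell prompt.
# In a domain, push the same values through Group Policy; this is the stand-alone equivalent.

# --- 1. Disable AutoRun/AutoPlay for every drive type -------------------------
# NoDriveTypeAutoRun is a bitmask of drive types; 0xFF sets every bit, so no
# drive type (removable, fixed, network, CD-ROM, RAM disk, unknown) gets AutoRun.
# NoAutorun = 1 additionally stops autorun.inf commands from being honoured.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policyKey)) {
    New-Item -Path $policyKey -Force | Out-Null
}
Set-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
Set-ItemProperty -Path $policyKey -Name 'NoAutorun'          -Value 1    -Type DWord

# Verify: read the values back rather than trusting that the writes succeeded.
$p = Get-ItemProperty -Path $policyKey
if ($p.NoDriveTypeAutoRun -eq 0xFF -and $p.NoAutorun -eq 1) {
    Write-Host 'AutoRun/AutoPlay: disabled for all drive types'
} else {
    Write-Warning 'AutoRun policy values are not set as expected; check for a conflicting GPO'
}

# --- 2. USB mass-storage devices this host has ever mounted --------------------
# Windows keeps one subkey per device model under USBSTOR and one instance
# subkey (usually the device serial number) per physical unit. This history
# survives device removal, which is what makes it useful when triaging a host.
$usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
$history = @()
if (Test-Path $usbstor) {
    foreach ($model in Get-ChildItem -Path $usbstor) {
        foreach ($instance in Get-ChildItem -Path $model.PSPath) {
            $props = Get-ItemProperty -Path $instance.PSPath
            $history += [pscustomobject]@{
                Model        = $model.PSChildName      # e.g. Disk&Ven_...&Prod_...&Rev_...
                Serial       = $instance.PSChildName   # instance ID / serial
                FriendlyName = $props.FriendlyName
            }
        }
    }
}
Write-Host "`nUSB storage devices previously seen on this host: $($history.Count)"
$history | Format-Table -AutoSize

# --- 3. USB disks attached right now -----------------------------------------
# Win32_DiskDrive exposes the bus a disk sits on; filtering on 'USB' gives the
# removable drives a Raspberry Robin-style infection would arrive on.
$attached = Get-CimInstance -ClassName Win32_DiskDrive | Where-Object { $_.InterfaceType -eq 'USB' }
Write-Host "USB disks currently attached: $(@($attached).Count)"
$attached | Select-Object Model, SerialNumber, Size | Format-Table -AutoSize

# --- 4. Recent device-configuration events (ASSUMPTION: log name and event ID) -
# Kernel-PnP/Configuration event 400 is assumed here to record "Device ... was
# configured"; the message text includes the device instance path, so matching
# on USBSTOR isolates mass-storage plug-ins. Adjust if your build logs differently.
try {
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Kernel-PnP/Configuration'
        Id        = 400
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction Stop |
        Where-Object { $_.Message -match 'USBSTOR' } |
        Select-Object TimeCreated, Message |
        Format-List
} catch {
    Write-Warning "Could not query Kernel-PnP log: $($_.Exception.Message)"
}
```

Sections 2 and 3 are the host-side half of "monitor USB device connections"; for fleet-wide monitoring, forward the same registry and event data to your SIEM and alert on first-seen device serials. Note that the registry history in section 2 is also what a forensic examiner reads after the fact, so it is worth confirming it has not been cleared on a suspect host.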
News URL

https://thehackernews.com/2022/09/new-evidence-links-raspberry-robin.html