"Raspberry Robin Malware Connected to Russian Evil Corp Gang"

Security researchers at IBM stated that Raspberry Robin, a widespread USB-based worm that acts as a loader for other malware, has significant similarities to the Dridex malware loader, meaning that it can be traced back to the sanctioned Russian ransomware group Evil Corp. The researchers reverse-engineered two dynamic link libraries (DLLs) dropped during a Raspberry Robin infection and compared them to the Dridex malware loader, a tool that has been definitively linked to Evil Corp in the past. They found that the decoding algorithms work similarly: both use random strings in the portable executables, and both contain an intermediate loader that decodes the final payload in a similar manner and includes anti-analysis code. Kevin Henson, an engineer at IBM Security, stated that the results show the two are similar in structure and functionality, and noted that Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks.

Dark Reading reports: "Raspberry Robin Malware Connected to Russian Evil Corp Gang"
