Raspberry Robin Evolves With Stealth Tactics, New Exploits

Raspberry Robin, a malware initially identified in 2021, has demonstrated remarkable adaptability and sophistication in its recent operations, according to a new report.
The findings come from Check Point researchers, who published a new analysis on Wednesday revealing unique and innovative methods employed by the malware, including exploiting vulnerabilities to gain higher privileges.
According to the technical write-up, Raspberry Robin has introduced two new 1-day Local Privilege Escalation exploits, indicating either access to a dedicated exploit developer or a high capability for rapid exploit development.
Notably, the malware has also undergone a notable transformation in its distribution method.
Previously reliant solely on USB drives for propagation, it has now expanded its reach by utilizing Discord as a primary means of dissemination.
The Check Point team added that the malware consistently updates its features and evasion techniques to evade security defenses.
They also cautioned that proactive measures are essential to address this threat effectively.
This includes regularly updating software and systems, conducting thorough vulnerability assessments, training employees on cybersecurity best practices, implementing robust access controls and staying informed about emerging threats and mitigation techniques.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 08 Feb 2024 17:00:38 +0000


Cyber News related to Raspberry Robin Evolves With Stealth Tactics, New Exploits

Raspberry Robin malware evolves with early access to Windows exploits - Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. One-day exploits refer to code that leverages a vulnerability that the developer of the ...
10 months ago Bleepingcomputer.com
Raspberry Robin devs are buying exploits for faster attacks The Register - Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to ...
10 months ago Go.theregister.com
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks - The Raspberry Robin worm is incorporating one-day exploits almost as soon as they're developed, in order to improve on its privilege escalation capabilities. Researchers from Check Point suspect that the developers behind the initial access tool are ...
10 months ago Darkreading.com
Raspberry Robin Evolves With Stealth Tactics, New Exploits - Raspberry Robin, a malware initially identified in 2021, has demonstrated remarkable adaptability and sophistication in its recent operations, according to a new report. The findings come from Check Point researchers, who published a new analysis on ...
10 months ago Infosecurity-magazine.com
Hackers abuse Windows SmartScreen flaw to drop DarkGate malware - A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that ...
9 months ago Bleepingcomputer.com
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware - A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that ...
9 months ago Bleepingcomputer.com
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
6 months ago Securityaffairs.com
CVE-2021-38545 - Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an ...
3 years ago
An Argument for Coordinated Disclosure of New Exploits - There were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to the bottom to see who can be the first to release an exploit ...
6 months ago Darkreading.com
Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More! - As 2023 draws to a close, Kali Linux enthusiasts are in for a treat with the latest release, Kali Linux 2023.4. Packed with innovative features and improvements, this update focuses on expanding platform support and refining existing capabilities. ...
1 year ago Hackread.com
Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents - A previously unidentified Chinese espionage group has managed to breach at least 70 organizations across 23 countries, including 48 in the government space, despite using rather standard-fare tactics, techniques, and procedures. Fitting such a ...
9 months ago Darkreading.com
Ai, Cybersecurity Awareness, And Communication - We're only beginning to see the scope of these attacks and the approaches attackers are developing because of this technology. The rapid advancements in AI technology have opened up new avenues for attackers to exploit vulnerabilities and launch ...
10 months ago Cyberdefensemagazine.com
FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
6 months ago Securityaffairs.com
Privilege elevation exploits used in over 50% of insider attacks - Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner. A report by ...
1 year ago Bleepingcomputer.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com
'Magnet Goblin' Exploits Ivanti 1-Day Bug in Mere Hours - While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure. Of the five vulnerabilities that came to light in recent months, ...
9 months ago Darkreading.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
10 months ago Securityboulevard.com
Raspberry Robin spotted using two new 1-day LPE exploits - We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience ...
10 months ago Securityaffairs.com
Year in Malware 2023: Recapping the major cybersecurity stories of the past year - Botnets kept coming back from the dead, ransomware actors found new ways to make money through data theft extortion and threat actors and malware who have been around for more than a decade find ways to stay relevant. After Microsoft blocked macros ...
1 year ago Blog.talosintelligence.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
11 months ago Bleepingcomputer.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)