Raspberry Robin Malware Expands Arsenal with Windows Exploits and Discord Spread

The Raspberry Robin malware has evolved to include one-day exploits targeting vulnerabilities in Windows systems, indicating that the malware operator has access to exploit code or sources. It has also adopted new evasion techniques and distribution methods, including the use of Discord to drop malicious files onto targets. Check Point reports an increase in Raspberry Robin's operations, with large attack waves targeting systems worldwide. The malware now leverages exploits for CVE-2023-36802 and CVE-2023-29360 to elevate privileges on infected devices, and it has added new mechanisms to evade security tools and OS defenses. The malware's operators are likely connected to a developer that provides exploit code, and Check Point provides indicators of compromise for identifying Raspberry Robin.
- Raspberry Robin malware evolves with early access to Windows exploits (BleepingComputer)
- Raspberry Robin Keeps Riding the Wave of Endless 1-Days (Check Point Research)
- Raspberry Robin Malware Upgrades with Discord Spread and New Exploits (The Hacker News)
- Raspberry Robin devs are buying exploits for faster attacks (The Register)
- Raspberry Robin spotted using two new 1-day LPE exploits (Security Affairs)