Raspberry Robin uses new evasion tactics to bypass defences

May 5, 2023
Tags: Raspberry Robin, Worm, Pre-ransomware, Security Bypass, Cybersecurity Defences

Raspberry Robin's operators have added a new defence-bypass tactic to keep the malware from being detected. According to the reports, the researchers who spotted the technique found that the malware now carries features designed to defeat the detection process on a targeted system.

To evade security products the malware combines obfuscation with several other capabilities, including anti-debugging and anti-analysis checks. Researchers are working to document these techniques so that defenders can counter them.


One of the capabilities the Raspberry Robin operation uses is virtual-machine avoidance.


According to the investigation, Raspberry Robin checks whether it is running on a virtual machine, the environment security researchers routinely use to examine and analyse a malware strain, and avoids running there.

This capability makes the malware harder to study, both for defenders and for automated analysis tools. Researchers can nonetheless still extract the technical details needed to defend against it.
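As an added example (not part of the original article and not Raspberry Robin's code), the following Python script shows the kind of static triage an analyst falls back on when a sample refuses to detonate in a VM: scan the raw bytes for anti-debugging imports and VM or sandbox artefacts, in both ASCII and the UTF-16LE form Windows uses for wide strings. The indicator lists, the two-family threshold and the sample buffer are all constructed assumptions for this example, not the specific checks reported for Raspberry Robin.

```python
"""Static anti-analysis triage for a Windows sample.

Hypothetical helper for this article: not Raspberry Robin's code. The
indicator lists below are generic markers seen across many families and are
an assumption, not the checks the article attributes to this malware.
"""
from typing import Dict, List

INDICATORS: Dict[str, List[bytes]] = {
    # Imports that typically feed an "is a debugger attached?" check.
    "anti-debug API": [
        b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent",
        b"NtQueryInformationProcess", b"OutputDebugString",
    ],
    # Vendor names, drivers and guest services that only exist inside a VM.
    "VM artefact string": [
        b"VMware", b"VBoxGuest", b"VBOX", b"QEMU", b"vmtoolsd", b"vboxservice",
    ],
    # Registry paths a sample would query to fingerprint the hypervisor.
    "VM registry key": [
        b"HARDWARE\\ACPI\\DSDT\\VBOX__",
        b"SOFTWARE\\VMware, Inc.",
        b"SYSTEM\\CurrentControlSet\\Services\\VBoxGuest",
    ],
    # Timing APIs used to spot sandboxes that fast-forward sleeps.
    "sandbox timing": [
        b"GetTickCount", b"QueryPerformanceCounter", b"NtDelayExecution",
    ],
}


def _forms(pattern: bytes) -> List[bytes]:
    """Return the ASCII and UTF-16LE (wide) encodings of a pattern, lower-cased."""
    wide = pattern.decode("ascii").encode("utf-16-le")
    return [pattern.lower(), wide.lower()]


def scan(blob: bytes) -> Dict[str, List[str]]:
    """Map each indicator family to the patterns found in blob (case-insensitive)."""
    haystack = blob.lower()
    hits: Dict[str, List[str]] = {}
    for family, patterns in INDICATORS.items():
        found = [p.decode("ascii") for p in patterns
                 if any(form in haystack for form in _forms(p))]
        if found:
            hits[family] = found
    return hits


def verdict(hits: Dict[str, List[str]], threshold: int = 2) -> str:
    """Assumed rule: hits from two or more independent families means 'likely anti-analysis'."""
    return "likely anti-analysis" if len(hits) >= threshold else "no strong indicator"


# Constructed sample: a fake PE-like buffer mixing ASCII import names with
# wide strings, as a real binary would store its registry paths and filenames.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"KERNEL32.dll\x00IsDebuggerPresent\x00GetTickCount\x00"
    + "SOFTWARE\\VMware, Inc.".encode("utf-16-le") + b"\x00\x00"
    + "vboxservice.exe".encode("utf-16-le")
)

if __name__ == "__main__":
    found = scan(SAMPLE)
    for family, names in found.items():
        print(f"{family}: {', '.join(names)}")
    print(verdict(found))
```

Against a real file the only change is reading the bytes from disk. If several families light up, the analyst knows to harden the analysis VM (rename guest tools, scrub vendor strings from the registry and ACPI tables) or to rely on static and emulated analysis rather than waiting for the sample to run.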

Raspberry Robin's operators also build evasive tactics into every stage of the operation. A separate researcher analysed two exploits that the malware uses to escalate privileges on compromised systems.

The first, tracked as CVE-2020-1054, abuses a flaw in win32k window-object handling that lets an attacker write data outside the intended buffer boundaries (an out-of-bounds write). The actors use this exploit only on Windows 7 systems.

The second, CVE-2021-1732, is technically similar but only works against Windows 10 systems with specific build numbers, and the actors deploy it only when the target is at a particular patch level. Notably, the Bitter APT group had earlier used this same exploit as a zero-day in one of its campaigns.

Experts note that while Raspberry Robin keeps adding new tricks to its campaigns, the security industry is also improving the defences that counter these exploits.

Organisations should take note of these exploits, and make sure the corresponding patches are applied, to reduce the chance of infection by the Raspberry Robin operators.
