Finance, insurance sectors become new targets of evolving Raspberry Robin

The Raspberry Robin malware, also known as the QNAP worm, has now set its sights on financial and insurance companies in Europe as it continues to become more sophisticated and difficult to analyze by information security experts, The Hacker News reports. In a new report by Security Joes, Raspberry Robin has allegedly been recently used against Spanish and Portuguese-speaking organizations and exhibited more complex analysis-resisting traits alongside an ability to collect more data from victims' machines than previously recorded. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," according to the report. According to the Security Joe report, one attack method used involved social engineering to lead the victim to download a 7-Zip file via a browser, with the file then dropping multiple modules by activating an MSI installer file. The researchers noted that the shellcode downloader has been upgraded to enable it to deliver different payloads based on their victims' profiles, and has been observed serving fake malware to deceive victims.