Tag Archive for: Discord

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits


Feb 09, 2024 | Newsroom | Malware / Dark Web

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before.

This means that “Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time,” Check Point said in a report this week.

Raspberry Robin (aka QNAP worm), first documented in 2021, is an evasive malware family that’s known to act as one of the top initial access facilitators for other malicious payloads, including ransomware.

Attributed to a threat actor named Storm-0856 (previously DEV-0856), it’s propagated via several entry vectors, including infected USB drives, with Microsoft describing it as part of a “complex and interconnected malware ecosystem” with ties to other e-crime groups like Evil Corp, Silence, and TA505.

Raspberry Robin’s use of one-day exploits such as CVE-2020-1054 and CVE-2021-1732 for privilege escalation was previously highlighted by Check Point in April 2023.

The cybersecurity firm, which detected “large waves of attacks” since October 2023, said the threat actors have implemented additional anti-analysis and obfuscation techniques to make it harder to detect and analyze.

“Most importantly, Raspberry Robin continues to use different exploits for vulnerabilities either before or only a short time after they were publicly disclosed,” it noted.

“Those one-day exploits were not publicly disclosed at the time of their use. An exploit for one of the vulnerabilities, CVE-2023-36802, was also used in the wild as a zero-day and was sold on the dark web.”

A report from Cyfirma late last year revealed that an exploit for CVE-2023-36802 was being advertised on dark web forums in February 2023. This was seven months before Microsoft and CISA released an advisory on active exploitation. It was patched by the Windows maker in September 2023.

Raspberry Robin is said to have started utilizing an exploit for the flaw sometime in October 2023, the same month a public exploit code was made available, as well as for CVE-2023-29360 in August. The latter was publicly…

Source…

Popular Social Media App Discord Clamps Down To Fight Cyber Attacks – Forbes Advisor


Multimedia social platform Discord is cracking down on malicious links, known as malware, by activating stronger security measures. From now on, Discord links that are shared outside the platform will expire after 24 hours. The goal is to lessen users’ exposure to malware, making it harder for identity thieves to steal users’ personal and financial information.

Hackers commonly exploit Discord servers to host malicious files and distribute malware. Malware can include spyware, key-loggers and viruses that infect users’ computers and reveal personal data and access codes, enabling identity theft and other crimes. In the past, familiarity with the Discord brand has often led users to click seemingly safe links that turned out to be malware, bringing on a cyberattack.

The new 24-hour expiration feature will only apply to links shared outside of Discord. Within Discord, shared file links will update automatically, so internal users can access files without the threat of expiration.

“There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto-refreshed,” said Discord communications manager Hannah Stabingas.

Stabingas said the new measures, rolling out in December 2023 and early 2024, will enhance privacy and security for the app’s 150 million-plus active monthly users.

“This will help our safety team restrict access to flagged content and generally reduce the amount of malware distributed using our CDN (content delivery network),” Stabingas said.

Malware has been an ongoing problem for Discord. According to Discord’s latest transparency report, during the third quarter of 2023, 11,885 accounts and 2,389 servers were removed from the platform for deceptive practices. These practices include malware, fraud and scams, according to the report.

Cybersecurity expert Jake Williams, a faculty member at the Institute for Applied Network Security (IANS), says the new changes will likely be…

Source…

It's Time to Improve Cybersecurity Awareness Amongst Discord Users – devmio




Source…

Roblox and Discord Become Virus Vectors for New PyPI Malware – The New Stack


If you can communicate on it, you can abuse it. This was proven again recently when a hacker using the name “scarycoder” uploaded a dozen malicious Python packages to PyPI, the popular Python code repository. These bits of code pretended to provide useful functions for Roblox gaming community developers, but all they really did was steal users’ information. So far, so typical. Where it got interesting is it used the Discord messaging app to download malicious executable files.

Snyk developer security researchers found the nasty Python code with their static analysis tools. These poisonous packages were built with PyInstaller, which bundled the malicious application and its dependencies into one package. PyInstaller served two purposes here. First, it tried to make the malware harder to detect by incorporating the malicious code in dependencies instead of downloading them from a remote server to the host. Second, this enabled them to provide naive developers with an executable file that didn’t require the safety belt interpreter.

Perfect Storm

As Taylor Ellis, a customer threat analyst for Horizon3ai, an autonomous pentest startup, said, “Roblox is an online gaming platform where users go to play games or create their own gaming programs. It is highly popular among children, for according to their user base, 67% of Roblox users are under the age of 16.” And since Roblox players frequently go on Discord to talk with strangers, you have a perfect storm for users’ machines to get infected. These still-wet-behind-the-ears developers don’t realize that running an unknown executable is just asking to be hacked.

Ellis added, “Roblox and Discord need to do more to protect the majority of young users on their platforms.” And “Roblox does little to warn their users about the dangers of clicking on malicious links within their platform, which sometimes lead to a malevolent Discord server or external backwater website.”

Easy to Abuse

In the battle between ease of use and security, Roblox and Discord err on the side of making their systems too easy to abuse.

As for the attacks themselves, Snyk observes that the Windows malware targets data that is stored…

Source…