Date: 2024-05-31

The Pakistan Telecommunication Authority (PTA) has issued a cyber security advisory regarding the sophisticated Raspberry Robin malware, which is now exploiting Discord and undisclosed “0-day” vulnerabilities.

According to the advisory, Raspberry Robin, previously recognized as a USB-borne worm, has advanced and now employs zero-day exploits to target vulnerabilities before official patches are released. The malware now leverages Discord for distribution, embedding itself within seemingly innocuous archive files downloaded from the platform. It exploits user trust by using a legitimate Microsoft program, OleView.exe, alongside a malicious DLL with a disguised signature.

The PTA has categorized this threat under Advanced Malware, Discord Exploitation, and 0-Day Vulnerabilities, noting that systems are particularly susceptible to CVE-2023-36802 and CVE-2023-29360. The advisory emphasizes that the attack vectors involve Discord payload distribution and 0-day exploits.

The PTA has asked administrators to update systems with the latest security patches, prioritizing the vulnerabilities targeted by Raspberry Robin. The advisory recommends conducting thorough training on social engineering tactics, highlighting the risks of downloading files from unknown or seemingly trusted sources like Discord. It also advises deploying advanced security solutions capable of detecting and neutralizing sophisticated threats beyond traditional antivirus measures. Regular checks for active Indicators of Compromise (IOCs) related to Raspberry Robin and updates to security protocols are essential.

According to the advisory, users should be cautioned about the potential risks associated with file downloads from Discord, even in seemingly legitimate conversations. Implementing robust network monitoring to detect and mitigate lateral movement attempts by Raspberry Robin is crucial. The PTA advises reporting any incidents to their office through the PTA CERT Portal and via email.