
Raindrop Malware

Posted: January 20, 2021

The cyberattack against the SolarWinds software vendor continues to surprise malware researchers who keep encountering remnants of other malware families involved in the dangerous campaign. After discovering several new malware families like SUNSPOT, SUNBURST, and Teardrop, they have now uncovered a fourth, previously undetected malware sample. The new threat is called Raindrop, and it was found on just a few of the infected devices – cybersecurity experts suspect that this implant was used in the later stages of the attack, and its usage was very limited.

The Raindrop Malware works as a Trojan backdoor, and its features largely overlap with those found in the Teardrop malware. However, while the two backdoors offer similar functionality on the surface, security experts note that they are very different in terms of their code – they use different functions and algorithms to achieve similar results.

Another difference between the two malware families is that the deployment of the Teardrop Malware involved the use of the SUNBURST Malware. While the Raindrop Malware was also found on systems infected by SUNBURST, experts were unable to identify the exact infection vector used to install this malware component.

The SolarWinds attack is one of the largest supply-chain attacks to occur in the past few years, and the group behind it clearly had a sophisticated plan for their operation. The usage of several malware families that overlap in terms of functionality is unusual, and it is likely that there is much more to be discovered about this campaign.
