🏅 Top traders

In the original article from lifewire, there was uncertainty about whether the devices are being compromised for DDoS, mining crypto, ransomware, or something else. The article doesn't mention it, but it also appears that nobody knew who was behind the malware.

In the recent article from bleepingcomputer, we see that the malware is being used to download FakeUpdates malware leading to "follow-on actions resembling DEV-0243 pre-ransomware behavior". DEV-0243 is linked to "Evil Corp" cybercrime group. It seems further likely that this is an attempt to evade OFAC sanctions imposed for using Dridex.

The original source from Microsoft is here: https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/

My judgment is that this counts as "discovery of the purpose" of the malware. Resolving YES.

Looks like they figured it out?
https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-malware-to-evil-corp-attacks
Do I resolve YES?

I could resolve this to PROB if researchers have a partial understanding.