Microsoft has spotted a Windows worm on networks of hundreds of organisations in various industries. The malware is called “Raspberry Robin” and spreads through USB devices.
Raspberry Robin was first spotted in September 2021 by intelligence analysts at Red Canary, Bleeping Computer reported. Now, the worm has been detected on the networks of multiple customers, many of which are companies from the technology and manufacturing sectors.
Microsoft noted that the malware was connecting to addresses on Tor, open-source software that enables anonymous communication. Even so, for some reason the hackers haven’t exploited the access they’ve gained.
This is surprising because they could deploy attacks through the malware by using legitimate Windows tools on infected systems after bypassing User Account Control (UAC).
How does Raspberry Robin spread?
New Windows systems are getting infected via USB drives that may contain a malicious .LNK file. Once the USB drive is attached and the user clicks on the link, the worm deploys the malware on the system.
Besides infecting the system itself, the malware can also communicate with command and control servers. In addition, it can deploy malicious payloads by using Windows utilities such as “fodhelper”, which helps manage features in Windows, “msiexec”, a command line component of Windows Installer, and “odbcconf”, a tool that configures ODBC drivers.
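One way a defender could hunt for the chain described above, as an added example that is not from Microsoft, Red Canary or the original article: it walks process-creation events and reports any of the three named utilities descended from a process started on a removable drive. The event fields (modelled on Sysmon Event ID 1), the sample events and the removable drive letters are constructed assumptions.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Utilities the article names as being used to deploy payloads.
WATCHED = {"fodhelper.exe", "msiexec.exe", "odbcconf.exe"}
# Assumption: drive letters known from device telemetry to be removable.
REMOVABLE_DRIVES = {"E:", "F:"}

# Constructed sample events; field names modelled on Sysmon Event ID 1.
FIELDS = ("ProcessId", "ParentProcessId", "Image", "CurrentDirectory")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    (100, 1, r"C:\Windows\explorer.exe", "C:\\Windows\\"),
    (200, 100, r"C:\Windows\System32\cmd.exe", "E:\\"),
    (210, 200, r"C:\Windows\System32\msiexec.exe", "E:\\"),
    (220, 210, r"C:\Windows\System32\fodhelper.exe", "C:\\Windows\\System32\\"),
    # Benign: msiexec started from Downloads, no removable-drive ancestor.
    (300, 100, r"C:\Windows\System32\msiexec.exe", "C:\\Users\\a\\Downloads\\"),
]]


def started_on_removable(event):
    """True when the process's working directory is on a removable drive."""
    return event["CurrentDirectory"][:2].upper() in REMOVABLE_DRIVES


def find_suspicious_chains(events):
    """Return (seed_pid, hit_pid, utility) for each watched utility that
    descends from a process started on a removable drive.
    Assumes PIDs are unique within the window and events are in time order."""
    children = defaultdict(list)
    for ev in events:
        children[ev["ParentProcessId"]].append(ev)
    hits, seen = [], set()
    for seed in filter(started_on_removable, events):
        stack = [seed]
        while stack:
            ev = stack.pop()
            if ev["ProcessId"] in seen:  # already covered by an earlier seed
                continue
            seen.add(ev["ProcessId"])
            name = basename(ev["Image"]).lower()
            if name in WATCHED:
                hits.append((seed["ProcessId"], ev["ProcessId"], name))
            stack.extend(children[ev["ProcessId"]])
    return hits


if __name__ == "__main__":
    for seed_pid, hit_pid, utility in find_suspicious_chains(EVENTS):
        print(f"pid {hit_pid} ({utility}) descends from removable-drive pid {seed_pid}")
```

The standalone msiexec launch (pid 300) is not reported, because the check keys on ancestry from a removable drive rather than on the utility name alone.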
It’s still unclear which threat actors are responsible for the malware. In the meantime, Microsoft has called this campaign “high-risk,” because attackers could infect entire networks if they wish to.
Gatlan, S. (2022, July 4). Microsoft finds Raspberry Robin worm in hundreds of Windows networks. BleepingComputer.