New Raspberry Robin worm uses Windows Installer to drop malware
Security News, May 2022
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives.
This malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021.
Raspberry Robin spreads to new Windows systems when an infected USB drive containing a malicious.
"Raspberry Robin uses msiexec.exe to attempt external network communication to a malicious domain for C2 purposes."
Raspberry Robin launches the malicious DLL it installs with the help of two other legitimate Windows utilities: fodhelper and odbcconf.
"First and foremost, we don't know how or where Raspberry Robin infects external drives to perpetuate its activity, though it's likely this occurs offline or otherwise outside of our visibility. We also don't know why Raspberry Robin installs a malicious DLL," the researchers said.
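The behaviours described above (msiexec.exe reaching an external address, and a DLL launched via fodhelper and odbcconf) can be hunted for in process telemetry. The following is an added example, not Red Canary's detection logic or code from the original article; the event schema, rule names, internal address ranges, sample events, and the assumption that fodhelper appears as a parent process are all constructed for illustration.

```python
import ipaddress
from pathlib import PureWindowsPath

# Assumed internal ranges; adjust to the environment being monitored.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed process/network events (not from the article); field names are assumed.
EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\msiexec.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "msiexec /q /i package.msi", "dest_ip": "203.0.113.45"},
    {"host": "ws01", "image": r"C:\Windows\System32\msiexec.exe",
     "parent": r"C:\Windows\System32\services.exe",
     "cmdline": "msiexec /V", "dest_ip": "10.0.0.8"},
    {"host": "ws01", "image": r"C:\Windows\System32\odbcconf.exe",
     "parent": r"C:\Windows\System32\fodhelper.exe",
     "cmdline": r"odbcconf.exe /s /a {regsvr C:\Users\Public\sample.dll}",
     "dest_ip": None},
    {"host": "ws02", "image": r"C:\Windows\System32\odbcconf.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "odbcconf.exe /?", "dest_ip": None},
]

def exe(path):
    """Lower-cased executable name from a Windows path."""
    return PureWindowsPath(path).name.lower()

def is_external(ip):
    """True when the destination is set and outside the assumed internal ranges."""
    if not ip:
        return False
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def detect(event):
    """Return the names of the hunting rules this event matches."""
    hits = []
    image, parent = exe(event["image"]), exe(event["parent"])
    if image == "msiexec.exe" and is_external(event.get("dest_ip")):
        hits.append("msiexec_external_connection")
    if image == "odbcconf.exe" and ".dll" in event["cmdline"].lower():
        hits.append("odbcconf_dll_load")
    if parent == "fodhelper.exe":
        hits.append("fodhelper_child_process")
    return hits

def triage(events):
    """List (host, process, matched rules) for every event with at least one hit."""
    return [(e["host"], exe(e["image"]), detect(e)) for e in events if detect(e)]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

Each rule on its own will match legitimate administrative activity, so the matches are more useful when correlated on the same host within a short time window.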