Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives

2022-05-06 20:09

Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices.

Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "Leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.".

Attack chains pertaining to Raspberry Robin start with connecting an infected USB drive to a Windows machine.

Exe to read and execute a malicious file stored on the external drive.

Also common across Raspberry Robin detections is the presence of outbound C2 contact involving the processes regsvr32.

"We also don't know why Raspberry Robin installs a malicious DLL," the researchers said.

News URL

https://thehackernews.com/2022/05/researchers-warn-of-raspberry-robin.html

#malware #researcher