Security News > 2022 > May > USB-based Wormable Malware Targets Windows Installer
Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found.
Eventually the worm installs malicious dynamic link library files found on the infected USB. While researchers first noticed Raspberry Robin as early as September 2021, most of the activity observed by Red Canary occurred during January of this year, researchers said.
Infected removable drives-typically USB devices-introduce the Raspberry Robin worm as a shortcut LNK file masquerading as a legitimate folder on the infected USB device, researchers said.
Exe to read and execute a file stored on the infected external drive, researchers said.
The former's command line can be a mixed-case reference to an external device-a person's name, like LAUREN V; or the name of the LNK file, researchers said.
Exe-and passes in additional commands to execute and configure the recently-installed malicious DLL file, researchers said.
News URL
https://threatpost.com/usb-malware-targets-windows-installer/179521/
Related news
- Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)