Security News > 2022 > May > USB-based Wormable Malware Targets Windows Installer
Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found.
Eventually the worm installs malicious dynamic link library files found on the infected USB. While researchers first noticed Raspberry Robin as early as September 2021, most of the activity observed by Red Canary occurred during January of this year, researchers said.
Infected removable drives-typically USB devices-introduce the Raspberry Robin worm as a shortcut LNK file masquerading as a legitimate folder on the infected USB device, researchers said.
Exe to read and execute a file stored on the infected external drive, researchers said.
The former's command line can be a mixed-case reference to an external device-a person's name, like LAUREN V; or the name of the LNK file, researchers said.
Exe-and passes in additional commands to execute and configure the recently-installed malicious DLL file, researchers said.
News URL
https://threatpost.com/usb-malware-targets-windows-installer/179521/
Related news
- Windows 11 KB5034848 preview update adds USB 80Gbps support (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics (source)
- Detecting Windows-based Malware Through Better Visibility (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware (source)