
This Windows worm evolved into slinging ransomware. Here's how to detect it
2022-10-28 22:11

Raspberry Robin, a worm that spreads through Windows systems via USB drives, has rapidly evolved: backdoor access to infected machines is now being sold or offered so that cybercriminals can install ransomware, among other code.

In a report on Thursday, Microsoft's Security Threat Intelligence unit said Raspberry Robin is now "part of a complex and interconnected malware ecosystem" with links to other families of malicious code and ties to ransomware infections.

Raspberry Robin first appeared to be a strange worm that spread from PC to PC with no obvious aim.

"Raspberry Robin has evolved from being a widely distributed worm with no observed post-infection actions when Red Canary first reported it in May 2022, to one of the largest malware distribution platforms currently active," they wrote.

That .lnk file then runs commands to fetch the main malware code from a C2 server and execute it on the victim's PC. See the above Microsoft post for technical details on how to detect a Raspberry Robin intrusion.

"DEV-0950 traditionally uses phishing to acquire the majority of their victims, so this notable shift to using Raspberry Robin enables them to deliver payloads to existing infections and move their campaigns more quickly to ransomware stages," they wrote.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/28/microsoft_raspberry_robin_malware/