Microsoft warns companies about Raspberry Robin worm in networks

Microsoft has warned dozens of companies about a worm that has probably been circulating in Windows corporate networks since last year. The Raspberry Robin worm spreads through USB devices and has been found in the networks of hundreds of companies.

The worm was discovered last year by researchers at cybersecurity firm Red Canary. Raspberry Robin spreads to new Windows systems via infected USB drives containing a malicious LNK file. Once the worm gains access to the network, it spreads to other devices and systems. From the infected systems, it communicates with its command-and-control servers and executes malware payloads through legitimate Windows functions such as msiexec or odbcconf.

“Raspberry Robin uses msiexec.exe to set up remote network communications to a malicious domain for command-and-control purposes,” says Microsoft, according to Bleeping Computer. The company labels Raspberry Robin as a ‘high security risk’. Microsoft has observed that the malware connects to addresses on the Tor network, but that the attackers have not yet accessed the victims’ networks. Still, the attackers could strike at any moment and spread more malware through the infected networks, the company warns. It is not known who distributed Raspberry Robin and for what purpose.
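For defenders, the behaviour described above (msiexec.exe or odbcconf.exe opening connections to outside hosts) can be hunted in endpoint network telemetry. The following is an added example, not code from Microsoft or Red Canary: it assumes events shaped like Sysmon Event ID 3 records, and the sample events, host names and the `INTERNAL_NETS` list are constructed for illustration.

```python
import ipaddress
import ntpath

# Binaries the article names as being abused by Raspberry Robin.
WATCHED = {"msiexec.exe", "odbcconf.exe"}
# Assumption: ranges treated as internal; adjust to the local network plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample events (not real telemetry), reduced to a few fields
# of a Sysmon Event ID 3 (network connection) record.
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "Image": r"C:\Windows\System32\msiexec.exe",
     "DestinationIp": "203.0.113.45", "DestinationHostname": "c2.example"},
    {"Computer": "WS-014", "Image": r"C:\Windows\System32\msiexec.exe",
     "DestinationIp": "10.20.0.8", "DestinationHostname": "deploy.corp.example"},
    {"Computer": "WS-022", "Image": r"C:\Windows\SysWOW64\ODBCCONF.EXE",
     "DestinationIp": "198.51.100.7", "DestinationHostname": ""},
    {"Computer": "WS-031", "Image": r"C:\Program Files\App\browser.exe",
     "DestinationIp": "203.0.113.45", "DestinationHostname": "c2.example"},
    {"Computer": "WS-040", "Image": r"C:\Windows\System32\msiexec.exe",
     "DestinationIp": "not-an-ip", "DestinationHostname": ""},
]

def is_internal(ip_text):
    """Return True/False for a parseable address, None if it does not parse."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return any(addr in net for net in INTERNAL_NETS)

def hunt(events):
    """Return leads: a watched binary connecting to a non-internal address."""
    hits = []
    for ev in events:
        name = ntpath.basename(ev.get("Image", "")).lower()
        if name not in WATCHED:
            continue
        internal = is_internal(ev.get("DestinationIp", ""))
        if internal is True:
            continue  # e.g. software deployment from an internal server
        reason = "external destination" if internal is False else "unparseable destination"
        dest = ev.get("DestinationHostname") or ev.get("DestinationIp")
        hits.append({"host": ev["Computer"], "binary": name, "dest": dest, "reason": reason})
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

Legitimate installers also fetch packages over the network, so each hit is a lead to review alongside the parent process and recent removable-drive activity, not a verdict.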

Source: Red Canary
