cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ashwani_Paliwal
Newcomer I

Raspberry Robin, a new worm exploiting windows endpoints

Raspberry Robin, a new worm exploiting windows endpoints is here.

The report reads:
"Raspberry Robin is spreading to new Windows systems via infected USB drives containing a malicious .LNK file.

Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd.exe to launch a malicious file stored on the infected drive.

It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads using several legitimate Windows utilities:

1. fodhelper (a trusted binary for managing features in Windows settings),
2. msiexec (command line Windows Installer component),
3. and odbcconf (a tool for configuring ODBC drivers)."

 

Link to the full report: https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/micro...

0 Replies