Raspberry Robin, a new worm exploiting windows endpoints is here.
The report reads:
"Raspberry Robin is spreading to new Windows systems via infected USB drives containing a malicious .LNK file.
Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd.exe to launch a malicious file stored on the infected drive.
It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads using several legitimate Windows utilities:
1. fodhelper (a trusted binary for managing features in Windows settings),
2. msiexec (command line Windows Installer component),
3. and odbcconf (a tool for configuring ODBC drivers)."
Link to the full report: https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/micro...