Researchers discovered that Wormable malware known as Raspberry Robin has been active since September and is slithering its way onto Windows workstations through USB devices, using Microsoft Standard Installer and other legitimate procedures to load malicious files.
Red Canary Intelligence researchers began investigating the malicious behavior in the fall when Jason Killam of Red Canary’s Detection Engineering team detected a handful of incidents with identical characteristics in several customers’ settings.
According to the researchers, Raspberry Robin also uses TOR exit nodes as extra Command and Control (C&C) infrastructure. The worm eventually installs malicious Dynamic Link Library (DLL) files discovered on the infected USB.
Read More: https://threatpost.com/usb-malware-targets-windows-installer/179521/
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
