According to Cybereason, a recently found Windows worm is employing infected QNAP network-attached storage (NAS) units as stagers to spread to new systems.
The malware, known as Raspberry Robin, propagated predominantly through portable storage devices like USB sticks when it was first discovered in September 2021. Red Canary reported in a study from May 2022 that the virus mostly uses HTTP requests to connect with its infrastructure utilizing msiexec.exe, the legitimate Windows Installer executable software.
Additionally, it employs Tor exit notes for administrative purposes (C&C). Raspberry Robin was primarily seen in businesses in the technology and manufacturing industries, but Red Canary security analysts were unable to find any connections between the victims and stated it was still unclear why the attacks were carried out.