Hackers are constantly changing their modus operandi to avoid detection, and now it appears they are resurrecting a Windows worm to infect vulnerable PCs with other malware and ransomware.
Raspberry Robin, identified in 2021, was first used by hackers to target technology and manufacturing companies. However, instead of spreading this malware online, they used USB drives sent to targeted organizations. While random USB drives should never be plugged into computers, some employees unknowingly plugged them in and the entire company network was infected.
Now, according to a new report from HP Wolf Security, Raspberry Robin is back in action, but this time the hackers are using a little-known Windows file type for distribution. If you're using one of the best Windows laptops out there, or even a PC you built yourself, here's everything you need to know about this nasty Windows worm.
Hackers are launching a new campaign to distribute Raspberry Robin using Windows Script Files (WSFs) instead of USB flash drives.
These scripts, for those unfamiliar with them, are often used by IT administrators and legitimate software to automate tasks within Windows. However, like many tools, they can be abused by hackers and other cybercriminals.
In this latest campaign, the perpetrators are using many different domains and subdomains to distribute these malicious files. According to The Hacker News, it is not entirely clear how they are directing potential victims to these specific sites, though researchers at HP Wolf Security believe that spamming and malvertising may be the hackers' modus operandi.
These WSF files are fairly well obfuscated, making it difficult for the best antivirus software and other security tools to identify them as dangerous. In fact, the malware tracking site VirusTotal has yet to classify them as malicious.
What makes Raspberry Robin so dangerous is that this malware is frequently used to deliver other malware such as SocGholish, Cobalt Strike, IcedID, BumbleBee, and Truebot to infected PCs. This malware is a precursor to more serious malware infections and can steal passwords and other sensitive or financial data from computers. Similarly, Raspberry Robin can be used to infect your computer and other computers on the same network with ransomware.
Just as with smartphones, you want to be very careful when using a PC and downloading new files online. As a general rule of thumb, it is best to stick to known brands and websites when downloading anything.
Raspberry Robin can be spread through spam emails, so avoid clicking on links or downloading attachments in emails from unknown senders. Even then, hackers could compromise the email account of someone you know and use that email address for future attacks. For this reason, you should avoid downloading anything from an email unless you have antivirus software installed.
Fortunately, Windows computers come with Windows Defender preinstalled, and this built-in antivirus software has become much more capable of fighting off malware infections and other attacks in recent years. However, if you still want to be more secure, it may be worth upgrading to paid antivirus software or signing up for the best identity theft protection available.
To mount a successful attack, hackers are always coming up with new ways to avoid detection. Therefore, you should be cautious online and think twice before downloading anything.