Microsoft Finds 'Raspberry Robin' Worm in Hundreds of Windows Networks
"Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors," reports BleepingComputer. The "Raspberry Robin" malware (first spotted in September) spreads through USB devices with a malicious .LNK fileAlthough Microsoft observed the malware connecting to addresses on the Tor network, the threat actors are yet to exploit the access they gained to their victims' networks. This is in spite of the fact that they could easily escalate their attacks given that the malware can bypass User Account Control (UAC) on infected systems using legitimate Windows tools. Microsoft shared this info in a private threat intelligence advisory sent to Microsoft Defender for Endpoint subscribers and seen by BleepingComputer.... Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd .exe to launch a malicious file stored on the infected drive. It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads... Microsoft has tagged this campaign as high-risk, given that the attackers could download and deploy additional malware within the victims' networks and escalate their privileges at any time.
Read more of this story at Slashdot.