This stealthy new malware can apparently avoid all antivirus scanners

Cybersecurity Researchers Discover New Version of Raspberry Robin Malware

Cybersecurity researchers have uncovered a new iteration of the notorious Raspberry Robin malware that is proving to be highly adept at eluding antivirus programs and other endpoint protection solutions.

According to a recent report from HP Wolf Security researchers, covered by The Hacker News, a new Raspberry Robin campaign was observed in March 2024. The malware has been designed to bypass Microsoft Defender Antivirus exclusion rules, making it difficult to detect.

“The scripts themselves are currently flying under the radar of antivirus scanners on VirusTotal, highlighting the sophistication of the malware and the potential threat it poses in terms of causing a severe infection with Raspberry Robin,” HP stated. “The WSF downloader is intricately obfuscated and employs various evasion techniques to avoid detection and impede analysis.”

Raspberry Robin, also known as the QNAP worm, was initially identified in September 2021. It was originally spread through malicious USB devices containing a .LNK file that directed users to a payload hosted on a compromised QNAP device.
