Raspberry Robin malware

Tech Optimizer
June 11, 2024
Security researchers have raised concerns about threat actors using a modified version of the Raspberry Robin worm to covertly distribute malware through Windows Script Files (WSF). The updated scripts used to load and propagate the malware on target systems are not currently classified as malicious by any antivirus scanners on VirusTotal. The worm has been spread through various entry points, including removable media, archive files hosted on Discord, 7-Zip archive files downloaded through web browsers, and malvertising campaigns on Discord. The investigation focused on the most recent attack campaign, ongoing since early March 2024, which uses the WSF infection method. The malware uses obfuscation techniques and anti-analysis measures to avoid detection and deliver the Raspberry Robin worm onto the system. This attack sequence could potentially lead to the delivery of ransomware, so security professionals need to counter the malware early in its infection chain to prevent compromise.
Tech Optimizer
June 10, 2024
Cybersecurity researchers have discovered a new version of the Raspberry Robin malware that is adept at eluding antivirus programs. The malware was observed in a campaign in March 2024 and is designed to bypass Microsoft Defender Antivirus exclusion rules, making it difficult to detect. The malware's scripts are currently undetected by antivirus scanners on VirusTotal, highlighting its sophistication and potential threat. Raspberry Robin, also known as the QNAP worm, was initially identified in September 2021 and spread through malicious USB devices.