CySecurity News – Latest Information Security and Hacking Incidents
A new Windows malware with worm capabilities has been identified by Red Canary intelligence investigators, and it spreads via external USB sticks. This malware is associated with the Raspberry Robin malware cluster, which was initially discovered in September 2021. (cybersecurity firm Sekoia tracks this malware as “QNAP worm”).
The worm was discovered in many customers’ networks by Red Canary’s Detection Engineering team, including companies in the technology and manufacturing sectors. When a USB drive carrying a malicious.LNK file is attached, Raspberry Robin spreads to new Windows systems.
The worm launches a new process using cmd.exe to launch a malicious file stored on the infected drive after it has been attached. It reaches out to its command-and-control (C2) servers via Microsoft Standard Installer (msiexec.exe), which are most likely hosted on infected QNAP devices and utilise TOR exit nodes as additional C2 infrastructure.
The researchers said, “While msiexec.exe downloads and executes legitimate installer packages, adversaries also leverage it to deliver malware. Raspberry Robin uses msiexec.exe to attempt external network communication to a malicious domain for C2 purposes.”
They believe the malware downloads a malicious DLL file [1, 2] on affected workstations to resist eradication between restarts, albeit they haven’t determine
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article. 
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: