USB drives continue to be the vectors of infection in companies. Red Canary Conservation researchers have discovered a worm that can spread through USB drives.
Baptized Raspberry Robin, Hidden in the malware key shortcut file (LNK). Once the key is connected, the Windows registry will be updated. The Malware Runs an array of applications such as Windows cmd, msiexec, odbcconf And Cattle breeder. Commands mix lowercase and uppercase letters, making it extremely difficult for potential antivirus machines to detect them.
Some commands attempt to establish an external connection to command and control (C&C) servers. Typically, these are Qnap network storage servers.
“We believe Raspberry Robin uses compromised Qnap devices for its C&C infrastructure”Researchers say.
These external links allow the malware to download other malicious code. In particular, the researchers observed the installation of corrupted DLL, which can be used to guarantee the stability of the system.
Also watch the video:
The victims seem to be above all technical and industrial companies. But there are still many gray areas. The ultimate goal of this malware is unknown as the researchers were unable to get their hands on the malicious codes that were later installed. The researchers also did not endanger the attribute. But this finding once again shows the dangers associated with unidentified USB keys.
Proof : Red Canary
More Stories
Acrylic Nails for the Modern Professional: Balancing Style and Practicality
The Majestic Journey of the African Spurred Tortoise: A Guide to Care and Habitat
Choosing Between a Russian and a Greek Tortoise: What You Need to Know