CVE-2022-41073

Windows Print Spooler Elevation of Privilege Vulnerability Recent assessments: ccondon-r7 at December 29, 2022 11:52pm UTC reported: Evidently this is being used for privilege escalation in ransomware attacks when threat actors have initial access to systems through existing Raspberry Robin,...

Raspberry Robin worm used as ransomware prelude

Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive. First spotted in September 2021, it was typically introduced into a network through infected removable drives, often USB devices. Now the worm has been foun...

Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints

The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot aka Silence, and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection...

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on...

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on...

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using...

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates aka SocGholish malware being delivered via existing Raspberry Robin infections on July 26,...

Raspberry Robin worm infects Multiple Windows Network Devices

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The Raspberry Robin worm spreads via USB devices and shared folders to infect Windows installers and QNAP devices using compromised QNAP devices as stagers. Majority of the victims in Europe are being targeted...

Researchers Warn of Raspberry Robin's Worm Targeting Windows Users

Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims ...

USB-based Wormable Raspberry Robin Malware Targeting Windows Installer

By Deeba Ahmed The malware Raspberry Robin is distributed via external drives and uses Microsoft Standard installer to execute malicious commands.… This is a post from HackRead.com Read the original post: USB-based Wormable Raspberry Robin Malware Targeting Windows Installer...

USB-based Wormable Malware Targets Windows Installer

Credit: Red Canary Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at...

Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives

Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to...