New computer worm attacks Windows PCs via USB

A new computer worm spreads to Windows PCs via infected external USB drives.

Security experts have discovered a new malware for Windows. This is reported by the UT IT security news site Bleepingcomputer. Dubbed the Raspberry Robin worm, the malware spreads through external USB drives. If you plug a USB drive with the worm on it into a Windows computer, the worm will infect the PC. The worm hides in an LNK file. LNK files are shortcuts that Windows uses to refer to the original file.

Once the worm infects the Windows PC, it launches a new process containing cmd.exe to launch a malicious file stored in the infected USB drive. The malware then connects to its command and control server (C2) via the Microsoft standard installer (msiexec.exe). The malware can bypass Windows User Account Control (UAC) and can execute and modify DLL files. The security experts describe further details on the infection process in detail here. However, the final target of the malware has not actually been discovered yet.

The first indications of the new malware date back to September 2021. Experts from Red Canary Intelligence discovered the Raspberry Robin worm in the networks of some of their engineering and manufacturing customers.

More messages about Windows malware:

Windows 10: Fake Windows 11 upgrades install malware

Windows malware spreads through infected websites

Beware Windows users: fake upgrade website installs malware

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button