Beware! This Raspberry Robin Malware May Harm Your Data
Red Canary researchers noted that the worm “leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.” If your device is infected with this malware the first change you will see is your device’s date back to September 2021. As mentioned above, the attack of the malware starts with connecting an infected USB drive to a Windows machine. Present within the device is the worm payload, which appears as a .LNK shortcut file to a legitimate folder. The worm then takes care of generating a new process using cmd.exe to read and execute a malicious file stored on the external drive. After that, explorer.exe and msiexec.exe are executed. These files are then used for external network communication to a rogue domain for command-and-control (C2) purposes. It also downloads and installs a DLL library file. The malicious DLL is subsequently loaded and executed using a chain of legitimate Windows utilities such as fodhelper.exe, rundll32.exe to rundll32.exe, and odbcconf.exe, effectively bypassing User Account Control (UAC). The best way to avoid this malware is to first scan the external device with a powerful antivirus. If the device is free of viruses and malware then go ahead to use this device. Check Also: ‘Woke Mind Virus’ is making Netflix Unwatchable, Says Elon Musk
