Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
Apr 10, 2024
Cyber Crime / Malvertising
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files ( WSFs ) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick Schläpfer said in a report shared with The Hacker News. Raspberry Robin, also called QNAP worm, was first spotted in September 2021 that has since evolved into a downloader for various other payloads in recent years, such as SocGholish, Cobalt Strike, IcedID, BumbleBee, and TrueBot, and also serving as a precursor for ransomware. While the malware was initially distributed by means of USB devices containing LNK files that retrieved the payload from a compromised QNAP device, it has since adopted other methods such as social engineering and malvertising. It's attribute