HP Analyzes Stealthy Raspberry Robin Campaign
A new analysis from HP Wolf Security reveals that since March, threat actors have been using the Raspberry Robin worm to spread malware through Windows Script Files (.wsf) unnoticed. At this time, these scripts are not classified as malicious by any anti-virus scanners on VirusTotal.
This new campaign sees threat actors using advanced obfuscation and anti-analysis techniques to bypass detection tools, fool sandboxes, and slow down security teams seeking to understand the malware and respond to attacks.
Historically, Raspberry Robin spread through removable media like USB drives. But this new campaign uses malicious .wsf files hosted on the web to act as a downloader for other popular malware families – or as a precursor to ransomware – which is why it’s currently one of the top security threats to enterprises.
You can read this analysis here.
This entry was posted on April 10, 2024 at 9:00 am and is filed under Commentary with tags HP.