Windows: this malware is completely invisible, be careful


A new threat is targeting Windows users. HP Wolf Security reports that a particularly pernicious version of the Raspberry Robin malware was detected in March 2024. It uses Windows Script Files (WSF) to slip into a system undetected.

A new, undetectable version of Raspberry Robin

The WSF files evade detection by shutting down security software such as Bitdefender or Kaspersky. Microsoft Defender is sidelined as well: the malware prevents it from launching its scan and detecting the infection. Raspberry Robin also escapes VirusTotal, Google’s online service. When Raspberry Robin is deployed on a system, none of its scripts are flagged as dangerous.

HP Wolf Security specifies that, in addition to interrupting security solutions, this version checks the version of Windows to verify that it can carry out its infection undisturbed. Once that check passes, Raspberry Robin has full access to the entire system without being detected.

When the WSF scripts are run on a Windows system, Raspberry Robin manages Microsoft Defender exclusions, blocks protections and then deploys Trojans, Cobalt beacons or precursors to ransomware attacks against businesses. To distribute this malware, the hackers of the Storm-0856 group, who carried out this attack, notably use social engineering campaigns that push victims to click on links where the malicious WSF files are hosted.

Faced with this undetectable version of Raspberry Robin, caution is required. Avoid clicking on suspicious links, even if they come from one of your contacts: it is possible that your loved ones are themselves infected and are being used to spread this malware.
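
The behaviours described above (WSF scripts run by Windows Script Host, changes to Microsoft Defender exclusions, protections switched off) leave traces an administrator can review. The PowerShell below is an added example, not taken from HP Wolf Security or from this article; it assumes an elevated session on a host with the Defender cmdlets, and the last query assumes process-creation auditing with command-line logging is enabled. The 30-day window is an arbitrary choice.

```powershell
# Added example: review a Windows host for the traces the article describes.
# Run from an elevated PowerShell session.

$since = (Get-Date).AddDays(-30)   # arbitrary look-back window (assumption)

# 1. Current Microsoft Defender exclusions.
#    Any path, process or extension nobody on your team configured deserves a look.
$pref = Get-MpPreference
[pscustomobject]@{
    Paths      = $pref.ExclusionPath
    Processes  = $pref.ExclusionProcess
    Extensions = $pref.ExclusionExtension
} | Format-List

# 2. Defender's own log: 5007 = configuration changed, 5001 = real-time
#    protection disabled. Keep 5007 only when it touches an Exclusions key.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5007
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 5001 -or $_.Message -match '\\Exclusions\\' } |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, Message

# 3. Process creation (Security event 4688) where Windows Script Host
#    (wscript.exe / cscript.exe) was started with a .wsf file.
#    Empty output can also mean command-line auditing is not enabled.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4688
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Message -match '(?i)\b[wc]script\.exe' -and
        $_.Message -match '(?i)\.wsf\b'
    } |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Message

# 4. What a double-click on a .wsf file does on this host.
#    The Windows default hands it to Windows Script Host.
cmd /c 'assoc .wsf'
cmd /c 'ftype WSFFile'
```

An exclusion that appears in step 2 shortly after a script launch in step 3 is the combination to investigate first.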
