“Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors,” reports BleepingComputer.
The “Raspberry Robin” malware (first spotted in September) spreads through USB devices with a malicious .LNK file
Although Microsoft observed the malware connecting to addresses on the Tor network, the threat actors are yet to exploit the access they gained to their victims’ networks. This is in spite of the fact that they could easily escalate their attacks given that the malware can bypass User Account Control (UAC) on infected systems using legitimate Windows tools. Microsoft shared this info in a private threat intelligence advisory sent to Microsoft Defender for Endpoint subscribers and seen by BleepingComputer….
Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd .exe to launch a malicious file stored on the infected drive.