Security News Raspberry Robin malware returns with early access to Windows exploits


Level 27
Thread author
Aug 17, 2017
Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. One-day exploits refer to code that leverages a vulnerability that the developer of the impacted software patched recently but the fix has either not been deployed to all clients or it has not been applied on all vulnerable systems.

From the moment the vendor discloses the vulnerability, which usually comes with publishing a patch, threat actors rush to create an exploit and use it before the fix propagates to a large number of systems. According to a report from Check Point, Raspberry Robin has recently used at least two exploits for 1-day flaws, which indicates that the malware operator either has the capability to develop the code or has sources that provide it.

Raspberry Robin is a worm that Red Canary, a managed detection and response company, first identified in 2021. It spreads primarily through removable storage devices such as USB drives to establish a foothold on infected systems and facilitate the deployment of additional payloads. It has been associated with threat actors like EvilCorp, FIN11, TA505, the Clop ransomware gang, and other malware operations, but its creators and maintainers are unknown.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.