Windows Worm Evolved into slinging Ransomware


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Raspberry Robin, a worm that spreads through Windows systems via USB drives, has rapidly evolved: now backdoor access is being sold or offered to infected machines so that ransomware, among other code, can be installed by cybercriminals.

In a report on Thursday, Microsoft's Security Threat Intelligence unit said Raspberry Robin is now "part of a complex and interconnected malware ecosystem" with links to other families of malicious code and ties to ransomware infections. Ultimately, Raspberry Robin first appeared to be a strange worm that spread from PC to PC with no obvious aim. Now whoever is controlling the malware is seemingly using it to offer access to infected machines so that other software nasties can be deployed, such as ransomware, by other miscreants. "Raspberry Robin's infection chain is a confusing and complicated map of multiple infection points that can lead to many different outcomes, even in scenarios where two hosts are infected simultaneously," the Microsoft researchers wrote.

"There are numerous components involved; differentiating them could be challenging as the attackers behind the threat have gone to extreme lengths to protect the malware at each stage with complex loading mechanisms." According to data collected by Microsoft's Defender for Endpoint tool, almost 3,000 devices in about 1,000 organizations have experienced at least one alert about a malicious payload related to Raspberry Robin in the past 30 days. "Raspberry Robin has evolved from being a widely distributed worm with no observed post-infection actions when Red Canary first reported it in May 2022, to one of the largest malware distribution platforms currently active," they wrote.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.