While ransomware attacks often make headlines, the dangers posed by other malware can be just as damaging, and they are another reason to ensure you are using antivirus software. The threat group responsible for this malware is currently unknown, as are its motivations and end goal. A Windows command prompt is exploited and malicious code is executed on the device, after which a command and control server is contacted and more malicious files are downloaded. Further legitimate Windows programs, including utilities such as “fodhelper”, “msiexec” and “odbcconf”, are then used to execute that code, and the worm attempts to connect to the Tor network.
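As an added illustration, not code from the original article or from any of the vendors it cites, the following Python check flags the process chain described above (cmd.exe launching fodhelper, msiexec or odbcconf) in constructed process-creation records; the key=value log format, field names and sample events are assumptions made for this example.

```python
import re
import ntpath
from typing import Dict, List, Tuple

# Utilities the article names as abused to run the downloaded code.
WATCHED = {"fodhelper.exe", "msiexec.exe", "odbcconf.exe"}

# Constructed sample events; the key=value layout and field names are an
# assumption for this example, not a real EDR or Sysmon schema.
SAMPLE_LOG = r'''
ts=2022-07-01T10:00:01Z pid=4120 ppid=1880 image=C:\Windows\System32\cmd.exe parent=C:\Windows\explorer.exe
ts=2022-07-01T10:00:03Z pid=4130 ppid=4120 image=C:\Windows\System32\msiexec.exe parent=C:\Windows\System32\cmd.exe
ts=2022-07-01T10:00:04Z pid=4131 ppid=4120 image=C:\Windows\System32\odbcconf.exe parent=C:\Windows\System32\cmd.exe
ts=2022-07-01T10:00:05Z pid=4132 ppid=4120 image=C:\Windows\System32\fodhelper.exe parent=C:\Windows\System32\cmd.exe
ts=2022-07-01T10:05:00Z pid=5200 ppid=812 image=C:\Windows\System32\msiexec.exe parent=C:\Windows\System32\services.exe
ts=2022-07-01T10:06:00Z pid=5300 ppid=4120 image=C:\Windows\System32\notepad.exe parent=C:\Windows\System32\cmd.exe
'''

FIELD = re.compile(r'(\w+)=(\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value line into a dict (values contain no spaces here)."""
    return dict(FIELD.findall(line))


def flag_lolbin_chain(log: str) -> List[Tuple[str, str]]:
    """Return (pid, utility) pairs where a watched utility was started by cmd.exe."""
    hits = []
    for line in log.strip().splitlines():
        ev = parse_event(line)
        child = ntpath.basename(ev.get("image", "")).lower()
        parent = ntpath.basename(ev.get("parent", "")).lower()
        # Only the chain the article describes: a command prompt spawning
        # one of the named utilities. msiexec under services.exe (a normal
        # install) and notepad under cmd.exe are left alone.
        if child in WATCHED and parent == "cmd.exe":
            hits.append((ev["pid"], child))
    return hits


if __name__ == "__main__":
    for pid, util in flag_lolbin_chain(SAMPLE_LOG):
        print(f"review pid {pid}: {util} launched from cmd.exe")
```

A parent/child rule like this is a triage heuristic, not proof of infection: administrative scripts also launch msiexec from a command prompt, so in practice it needs allowlisting and correlation with the follow-on network activity.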

Raspberry Robin: A Brief Recent History

The worm dubbed “Raspberry Robin” was first discovered back in September 2021 by intelligence analysts at Red Canary, although most of the activity attributed to the worm has been happening since January 2022. The security researchers observed it mostly in tech and manufacturing networks. Cybersecurity company Sekoia, which calls it the “QNAP Worm”, also tracked the worm in November of last year. Sekoia said it was using “compromised QNAP devices as command and control servers” and observed it as active in several French networks. For a piece of malware being investigated by a number of security teams, however, it remains relatively mysterious. As previously mentioned, Microsoft has observed it connecting to addresses on the Tor network, but it does not appear that the operators have actually exploited the access to the networks it has infiltrated, despite showing that the worm can use utilities within the Windows OS. What’s more, Sekoia noted in its report on the malware that “its main code is quite sophisticated and the infrastructure used is large”, which raises more questions than answers about the nature of the threat itself. Microsoft, on the other hand, says it found malicious artifacts relating to the worm that were created as far back as 2019.

Protecting Yourself Against Malware

Although threats like these seem powerful, extensive and downright scary, there are a couple of things that businesses and individuals can do to protect themselves and minimize the attack surface of a company or home network. The first is to keep staff, and yourself for that matter, informed about the latest threats and to institute compulsory cyber and data security training. Secondly, install reputable antivirus software on your company network. Antivirus software is designed to detect and remove malware, viruses and other malicious files from computers and networks. All in all, it is the best defense against this sort of thing.