"Raspberry Robin Distributed Through Windows Script Files"

Threat actors spreading Raspberry Robin are now using Windows Script Files (WSFs), in addition to other methods, such as USB drives. A WSF is a file type generally used by administrators and legitimate software to automate tasks in Windows. HP Threat Research discovered new campaigns starting in March 2024 where Raspberry Robin was being spread with anti-analysis techniques through highly obfuscated WSFs. The Windows worm, discovered in 2021, was initially spread to target hosts via removable media. Threat actors have used other attack vectors to deliver the worm over the years, including archive files and malicious advertisements. This article continues to discuss findings regarding Raspberry Robin's WSF distribution.

Infosecurity Magazine reports "Raspberry Robin Distributed Through Windows Script Files"

Submitted by grigby1