Windows Installer Used by New Raspberry Robin Worm

Installing, maintaining, and uninstalling software is made easier using Windows Installer. Installation packages, which are loosely relational databases constructed as COM Structured Storages and frequently referred to as “MSI files” because of their default filename extensions, include the installation information as well as the files themselves, if applicable.

In comparison to its predecessor, Setup API, Windows Installer features considerable improvements. The addition of a graphical user interface framework as well as the automated development of the uninstallation sequence is among the new capabilities. Earlier versions of InstallShield and NSIS, as well as the newer Windows Installation, are positioned as alternatives to standalone executable installer frameworks.

What Happened?

A new Windows virus with worm capabilities has been found by Red Canary intelligence investigators. The malware spreads via the use of external USB sticks.

This virus is tied to a cluster of malicious behavior nicknamed Raspberry Robin, and it was first discovered in September 2021, according to the available information.

It was discovered in various client networks, some of which were in the technological and industrial industries. Red Canary’s Detection Engineering team was responsible for the discovery.

When a virus-infected USB device carrying a malicious.LNK file is attached to a new Windows

Read More: https://heimdalsecurity.com/blog/windows-installer-used-by-new-raspberry-robin-worm/