You are on Windows ? Finding this malware is a priority

© Unsplash/Ed Hardie

A new version of the Raspberry Robin/QNAP malware is reported by cybersecurity specialist HP Wolf Security – and it spreads very quickly on Windows PCs, completely under the radar of most antiviruses on the market. The latter actually works rather cleverly, since it relies on .WSF files containing Windows scripts – which are rarely monitored directly by antivirus solutions on the market.

In addition to this, it is able to detect the antivirus installed on the machine, pause its execution if necessary – before taking advantage of circumstances such as the key moment of an update to change the exception parameters, thus becoming certain of never triggering any alert. The malicious software is concretely a loader, in other words a program responsible for remaining inactive, until its sponsors order it to install other, even more harmful software afterwards.

Microsoft Defender is not enough to detect this worrying virus

The list of malware it installs most often includes names like Cobalt Strike or the SocGholish data vacuum. The Phonandroid site also talks about viruses specialized in infecting corporate networks. According to Microsoft, this update, as effective as it is worrying, comes from a group of Russian hackers, known as Storm-0856.

And the worst part is that for now, flushing it out can be a real challenge, especially on machines that just use Microsoft Defender, the default antivirus on Windows 11. Following this discovery, new lists of definitions are being pushed by the largest antivirus software publishers.

Here we can particularly talk about Bitdefender, which is often among the first on the market to receive updated definitions in this type of case. To protect yourself, installing a paid antivirus is therefore, as you will have understood, essential. Especially since in the case of this attack, little reliable information is really available on how the machines are targeted by the virus.

To protect yourself, installing a free antivirus, or even a complete paid antivirus suite like Bitdefender Total Security, is essential. Once the new definitions are available (if this is not already the case at the time of writing) the solution will be able to analyze Windows script files and thus quickly come across the malicious program.

• Known as Raspberry Robin/QNAP, a new variant of a particularly virulent malware is spreading very quickly throughout the global fleet of Windows PCs – all while evading antivirus detection in most cases.
• New antivirus definitions capable of detecting it are in the works, but the default Microsoft Defender antivirus solution does not generally does not detect it.
• Installing a commercial antivirus, whether free or paid, is essential to get rid of it.

📍 So you don't miss any news from Presse-citron, follow us on Google News and WhatsApp.

[ ]