Hackers are using this little-known file type to drop a nasty Windows worm on vulnerable PCs — how to stay safe

Hackers are constantly switching up their tactics in order to avoid detection, and now it appears that they’ve resurrected a Windows worm to infect vulnerable PCs with other malware strains and even ransomware.

Identified back in 2021, Raspberry Robin was first used by hackers to target tech and manufacturing businesses. However, instead of spreading this malware online, they used USB flash drives that were sent out to targeted organizations. While you should never plug a random USB flash drive into your computer, some employees unwittingly did, which led to their company’s entire network getting infected.

Now, according to a new report from HP Wolf Security, Raspberry Robin is back in action—but this time around, hackers are using a little-known Windows file type to distribute it. If you’re using one of the best Windows laptops or even a PC you built yourself, here’s everything you need to know about this nasty Windows worm, along with some steps on how to keep you and your computer safe. 

From USB flash drives to Windows Script Files

Instead of using USB flash drives, hackers are now using Windows Script Files (WSF) to distribute Raspberry Robin in this new campaign.

For those unfamiliar, these scripts are often used by IT admins and legitimate software to automate tasks within Windows. However, like most tools, they can be abused by hackers and other cybercriminals in their attacks.

In this latest campaign, the hackers responsible are distributing these malicious files using a number of different domains and subdomains. According to The Hacker News, it’s not entirely clear how they’re directing potential victims to these particular sites. However, HP Wolf Security’s researchers believe that spam emails or malvertising could be how the hackers are doing it.

These WSF files are heavily obfuscated, which makes it more difficult for the best antivirus software and other security tools to identify that they’re actually dangerous. In fact, the malware-tracking site VirusTotal has not yet classified them as malicious.
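
For anyone who wants to look at a downloaded .wsf file without running it, the Python example below is added here and is not from the original article or HP Wolf Security's report. It reads the file as text, lists its script blocks and flags traits that merit a manual look; the function names, thresholds and both sample files are constructed assumptions.

```python
import math
import re
from collections import Counter

# A WSF file is XML-like: <job> (optionally inside <package>) wrapping <script> blocks.
# Samples are not always well-formed XML, so regexes are used instead of an XML parser.
ROOT_RE = re.compile(r"<(job|package)\b.*</\1\s*>", re.IGNORECASE | re.DOTALL)
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)
LANG_RE = re.compile(r"language\s*=\s*[\"']?([\w.]+)", re.IGNORECASE)

def entropy(text):
    """Shannon entropy in bits per character (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def triage_wsf(text, max_line=500, max_padding=0.5):
    """Summarise a .wsf file's text and list reasons it deserves manual review.
    Thresholds are illustrative assumptions, not values from any report."""
    blocks = []
    for attrs, body in SCRIPT_RE.findall(text):
        lang = LANG_RE.search(attrs)
        blocks.append({"language": lang.group(1).lower() if lang else "unknown",
                       "chars": len(body), "entropy": round(entropy(body), 2)})
    # Share of the file that sits outside the outermost <job>/<package> element.
    root = ROOT_RE.search(text)
    inside = len(root.group(0)) if root else 0
    padding = 1 - inside / len(text) if text else 0.0
    longest = max((len(line) for line in text.splitlines()), default=0)
    reasons = []
    if not blocks:
        reasons.append("no <script> block found")
    if padding > max_padding:
        reasons.append("most of the file lies outside the <job> element")
    if longest > max_line:
        reasons.append("very long line")
    return {"blocks": blocks, "padding": round(padding, 2), "reasons": reasons}

# Constructed samples: a plain admin script and one surrounded by filler text.
CLEAN = '<job id="backup"><script language="VBScript">\nWScript.Echo "done"\n</script></job>'
PADDED = ("x9Qz " * 400) + '\n<job><script language="JScript">var a=1;</script></job>\n' + ("k3Lm " * 400)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("padded", PADDED)):
        print(name, triage_wsf(sample))
```

A file with no reasons listed is not proven safe; the output only tells you which files to hand to an analyst or a sandbox first.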

What makes Raspberry Robin so dangerous is that this malware is frequently used to drop other malware strains such as SocGholish, Cobalt Strike, IcedID, BumbleBee and Truebot onto infected PCs. Think of it as a precursor to a more serious malware infection that can steal passwords, along with other sensitive and financial data from your computer. Likewise, Raspberry Robin can also be used to infect your computer and others on the same network with ransomware.

How to keep your PC protected from malware

Just like with your smartphone, you want to be extra careful when downloading new files online when using your PC. As a general rule of thumb, it’s best to stick to known brands and websites when it comes to downloading anything.

As Raspberry Robin could be spread through spam emails, you want to avoid clicking on any links or downloading any attachments that an email from an unknown sender may contain. Even then, hackers could compromise the email account of someone you know to use their email address in future attacks. This is why it’s best to avoid downloading anything from an email unless you have antivirus software installed.

Fortunately, Windows computers come pre-installed with Windows Defender and this built-in antivirus has gotten a lot better at fending off malware infections and other attacks in recent years. Still though, it might be worth upgrading to paid antivirus software or even signing up for the best identity theft protection if you want to be extra safe.

In order for their attacks to be successful, hackers are always coming up with new ways to avoid detection. This is why you need to be careful online and think twice before downloading anything.

Anthony Spadafora
Managing Editor Security and Home Office
