Microsoft has reported that a dangerous Windows worm has been detected on the networks of hundreds of organizations from various industries.
The malware, dubbed Raspberry Robin, spreads via infected USB devices and was first discovered in September 2021. Microsoft said it saw the worm connecting to addresses on the Tor network, but the attackers had not yet exploited access to their victims’ networks.
However, because the malware can bypass User Account Control (UAC) on infected systems using legitimate Windows tools, the attackers can easily escalate their attacks.
Microsoft shared this information in a threat analysis newsletter sent to Microsoft Defender for Endpoint subscribers. The company considers the risk posed by Raspberry Robin to be high: attackers can download additional malware, distribute it across victims’ networks, and escalate their privileges at any time.