Microsoft has detected a Windows worm that has infected the networks of hundreds of organisations, Bleeping Computer reports.

The publication found this information in a private threat intelligence advisory the software giant had shared with Microsoft Defender for Endpoint subscribers.

Microsoft flagged the malware as high-risk because it can deploy more malware on victims’ networks, bypass User Account Control and elevate administrator privileges.

Dubbed “Raspberry Robin”, the malware was first picked up by analysts from Red Canary in September 2021.

The malware is spread through a malicious .LNK file on an infected USB drive.

When a user inserts the drive and clicks on the link, the malware initiates the legitimate Microsoft Standard Installer to make contact with a command-and-control server.

It can then deliver more malicious files to the targeted device using other legitimate Windows tools.

The malware also installs a malicious DLL file to prevent removal through a restart.

Microsoft has observed the malware connecting to addresses on the Tor network, but the attackers have not yet exploited their access to the targeted networks.

Security firms are still investigating the source of the malware and its end purpose.

The infographic below provides a basic overview of how the malware infects a device and can be used to execute malicious files.