Threat actors distributing Raspberry Robin now use Windows Script Files (WSF) to spread the worm alongside other methods, such as USB drives. HP Threat Research identified new campaigns starting in March 2024 in which Raspberry Robin was spread through highly obfuscated Windows Script Files, using anti-analysis techniques.

Source: Infosecurity