Raspberry Robin is a spreading threat, using specifically crafted Microsoft links (LNK files) to infect its victims.
Cybereason observed delivery through file archives, removable devices (USB) or ISO files.
Raspberry Robin is a persistent threat.
Once the malware infects a machine, it establishes persistence by running at every system startup.
Cybereason observed a majority of the victims being located in Europe.