bleepingcomputer[.]com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/
The linked article is a reminder of sorts: "Microsoft finds Raspberry Robin worm in hundreds of Windows networks", talking about a Windows worm [ docs.microsoft[.]com/en-us/microsoft-365/security/intelligence/worms-malware?view=o365-worldwide ] that spreads through USB devices. In this case it's triggered by someone clicking on a shortcut stored on a USB device [probably a USB stick but the article only says device].
Make sure any USB device you plug in has been bought new, is not counterfeit [a complaint you sometimes see in reviews on Amazon], & comes in a sealed box that's genuine as far as you can tell, comparing it carefully to online pictures etc. It's possible to hack the firmware in a USB stick or device, or modify a charger, to execute malware the moment it's plugged in; it could be a transmitter, sending out keystrokes for example; it can hold files &/or partitions that are invisible to Windows &/or Linux, so even a format might not get rid of it.