Plug your USB stick or disk or keyboard into the Pi, and if it reports that there's a new not-a-USB-stick/disk/keyboard, you know there's malware on the device.
So I'll make my malware pretend to be a plain old USB stick for the first N hours. Then it will simulate an unplug and replug itself in as a keyboard that types "format c:\ncat
It's a basic principle that if an attacker can compromise your hardware, you're fscked. But it looks like the new part is that the malware can go viral, reprogramming USB devices. Whoever was careless enough to release a USB controller with firmware that can be arbitrarily reprogrammed from the host computer needs to be taken out and shot.