Victims are being enticed to insert an unknown USB drive into their computers.
Malicious actors are hoping the lure of a free gift card will be strong enough to convince people to throw caution to the wind and plug an unknown USB drive into their computers. The drive, which came attached to what purported to be a Best Buy gift card, supposedly contained a list of items for which the gift card could be used. What it actually contained was quite different.
According to researchers at Trustwave, the USB drive was actually an Arduino microcontroller ATMEGA32U4 programmed to emulate a USB keyboard. Since USB keyboards are trusted devices on most systems, malicious commands can easily be injected.
In this case, the malicious commands were a series of obfuscated PowerShell commands that ultimately uploaded full system configuration data to a command-and-control server and then awaited further instruction. The researchers warn that no unexpected USB drives should be inserted into production systems, no matter how large the gift card they're attached to.
Read more here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: " How to Evict Attackers Living Off Your Land."
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024