Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Victims are being enticed to insert an unknown USB drive into their computers.
Dark Reading Staff
March 28, 2020
1 Min Read
Malicious actors are hoping the lure of a free gift card will be strong enough to convince people to throw caution to the wind and plug an unknown USB drive into their computers. The drive, which came attached to what purported to be a Best Buy gift card, supposedly contained a list of items for which the gift card could be used. What it actually contained was quite different.
According to researchers at Trustwave, the USB drive was actually an Arduino microcontroller ATMEGA32U4 programmed to emulate a USB keyboard. Since USB keyboards are trusted devices on most systems, malicious commands can easily be injected.
In this case, the malicious commands were a series of obfuscated PowerShell commands that ultimately uploaded full system configuration data to a command-and-control server and then awaited further instruction. The researchers warn that no unexpected USB drives should be inserted into production systems, no matter how large the gift card they're attached to.
Read more here.
About the Author(s)
You May Also Like
A screen displaying many different types of charts and graphs to show what data is being analyzed.Cybersecurity Analytics