
ESET discovers strange malware targeting USB

24 Mar 2016

USB Thief, a new threat to data, is capable of stealthy attacks against air-gapped systems and also well protected against detection and reverse-engineering.

Cyber security specialist ESET is warning people against a newly discovered data-stealing malware on USB devices, dubbed USB Thief.

The malware exclusively uses USB devices for propagation, without leaving any evidence on the compromised computer.

Its creators have employed special mechanisms to protect the malware from being reproduced or copied, which makes it even harder to detect and analyse, ESET says. “It seems that this malware was created for targeted attacks on systems isolated from the internet,” explains Tomáš Gardo, ESET malware analyst.

Gardo says USB Thief is a unique data-stealing Trojan that has been spotted on USB devices in the wild, one that is different from typical data-stealing malware.

Each instance of this Trojan relies on the particular USB device on which it is installed and leaves no evidence on the compromised system.

“Because it is USB-based, the malware is capable of attacks on systems isolated from the internet without leaving any traces,” Gardo explains.

“So the victims don’t notice that their data were stolen.

“Another feature which makes this malware unusual is that not only is it USB-based, but it is also bound to a single USB device, since it is intended that the malware shouldn't be duplicated or copied,” he says. “This makes it very difficult to detect and analyse.”

“Where other malware uses good old-fashioned approaches like Autorun files or crafted shortcuts in order to get users to run it, USB Thief also uses another technique. This technique depends on the increasingly common practice of storing portable versions of popular applications such as Firefox, Notepad++ and TrueCrypt on USB drives,” says Gardo.

Gardo says the malware takes advantage of this trend by inserting itself into the command chain of such applications, in the form of a plugin or a dynamically linked library (DLL).

As a result, whenever such an application is executed, the malware also runs in the background.
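
Because the technique described above adds or alters a plugin or DLL inside a portable application's folder, one defensive check is to baseline the loadable files on a trusted machine and compare the drive against that baseline later. The sketch below is an added example, not code from ESET or from this article; the extension list, folder layout and file names are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption for this example: file types a portable application loads as code.
LOADABLE = {".dll", ".exe"}


def snapshot(app_dir):
    """Map relative path -> SHA-256 for every loadable file under app_dir."""
    root = Path(app_dir)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in LOADABLE:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare(baseline, current):
    """Report loadable files added, modified or removed since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed sample: a stand-in portable app tree built in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "PortableApp"
        (app / "plugins").mkdir(parents=True)
        (app / "app.exe").write_bytes(b"constructed main binary")
        (app / "plugins" / "spell.dll").write_bytes(b"constructed plugin")
        (app / "readme.txt").write_text("not code, ignored by snapshot")
        baseline = snapshot(app)  # taken while the drive is known good
        # Constructed change: one new library appears, one existing one differs.
        (app / "plugins" / "extra.dll").write_bytes(b"constructed unknown library")
        (app / "plugins" / "spell.dll").write_bytes(b"constructed plugin, changed")
        return compare(baseline, snapshot(app))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for rel in paths:
            print(f"{kind}: {rel}")
```

The baseline must be stored off the USB drive, otherwise whatever modifies the application folder can modify the baseline too.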
