ESET discovers strange malware targeting USB

24 Mar 16

USB Thief, a new threat to data, is capable of stealthy attacks against air-gapped systems and also well protected against detection and reverse-engineering.

Cyber security specialist ESET is warning people against a newly discovered data-stealing malware on USB devices, dubbed USB Thief.

The malware exclusively uses USB devices for propagation, without leaving any evidence on the compromised computer.

Its creators have employed special mechanisms to protect the malware from being reproduced or copied, which makes it even harder to detect and analyse, ESET says.

“It seems that this malware was created for targeted attacks on systems isolated from the internet,” explains Tomáš Gardo, ESET malware analyst.

Gardo says USB Thief is a unique data-stealing Trojan that has been spotted on USB devices in the wild, one that is different from typical data-stealing malware.

Each instance of this Trojan relies on the particular USB device on which it is installed and leaves no evidence on the compromised system.

“Because it is USB-based, the malware is capable of attacks on systems isolated from the internet without leaving any traces,” Gardo explains.

“So the victims don’t notice that their data were stolen.

“Another feature which makes this malware unusual is that not only is it USB-based, but it is also bound to a single USB device, since it is intended that the malware shouldn't be duplicated or copied,” he says. “This makes it very difficult to detect and analyse.”

“Where other malware uses good old-fashioned approaches like Autorun files or crafted shortcuts in order to get users to run it, USB Thief also uses another technique. This technique depends on the increasingly common practice of storing portable versions of popular applications such as Firefox, NotePad++ and TrueCrypt on USB drives,” says Gardo.

Gardo says the malware takes advantage of this trend by inserting itself into the command chain of such applications, in the form of a plugin or a dynamically linked library (DLL).

And therefore, whenever such an application is executed, the malware will also be run in the background.
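
A defender-side check for the behaviour described above, as an added example that is not from ESET or the original article: it records SHA-256 hashes of the executables and libraries in a portable application folder from a known-good copy, then reports any code files that were later added or changed. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions a portable application loads as code (assumption for this example).
CODE_EXTENSIONS = {".exe", ".dll"}


def snapshot(app_dir):
    """Map each code file's path (relative to app_dir) to its SHA-256 digest."""
    manifest = {}
    for root, _dirs, files in os.walk(app_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() not in CODE_EXTENSIONS:
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, app_dir).replace(os.sep, "/")] = digest
    return manifest


def compare(baseline, current):
    """Return code files that are new, changed or missing relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed sample: a fake portable app tree that gains one extra library."""
    with tempfile.TemporaryDirectory() as app_dir:
        os.makedirs(os.path.join(app_dir, "plugins"))
        for rel, data in (("app.exe", b"main"), ("plugins/spell.dll", b"spell")):
            with open(os.path.join(app_dir, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(app_dir)  # taken from a known-good copy
        with open(os.path.join(app_dir, "plugins", "extra.dll"), "wb") as fh:
            fh.write(b"unexpected")
        with open(os.path.join(app_dir, "readme.txt"), "wb") as fh:
            fh.write(b"ignored: not a code file")
        return compare(baseline, snapshot(app_dir))


if __name__ == "__main__":
    print(demo())
```

The baseline is only meaningful if it is stored off the USB drive and taken from a copy of the application obtained from its publisher.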
