Malicious USB Drive Hides Behind Gift Card Lure

Victims are being enticed to insert an unknown USB drive into their computers.

Dark Reading Staff, Dark Reading

March 28, 2020

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Malicious actors are hoping the lure of a free gift card will be strong enough to convince people to throw caution to the wind and plug an unknown USB drive into their computers. The drive, which came attached to what purported to be a Best Buy gift card, supposedly contained a list of items for which the gift card could be used. What it actually contained was quite different.

According to researchers at Trustwave, the USB drive was actually an Arduino microcontroller ATMEGA32U4 programmed to emulate a USB keyboard. Since USB keyboards are trusted devices on most systems, malicious commands can easily be injected.

In this case, the malicious commands were a series of obfuscated PowerShell commands that ultimately uploaded full system configuration data to a command-and-control server and then awaited further instruction. The researchers warn that no unexpected USB drives should be inserted into production systems, no matter how large the gift card they're attached to.

Read moreĀ here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: " How to Evict Attackers Living Off Your Land."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights