The Hacker News Logo
Subscribe to Newsletter

Warning! Think Twice Before Using USB Drives

usb-data-stealing-malware
Security researchers have discovered a new data-stealing Trojan that makes special use of USB devices in order to spread itself and does not leave any trace of activity on the compromised systems.

Dubbed USB Thief ( or Win32/PSW.Stealer.NAI), the malware has the capability of stealthy attacking against air-gapped or isolated computers, warns ESET security firm.

The malware author has employed special programs to protect the USB Thief from being reproduced or copied, making it even harder to detect and reverse-engineer.

USB Thief has been designed for targeted attacks on computer systems that are isolated from the Internet, according to the ESET malware analyst Tomáš Gardoň.

The 'USB Thief' Trojan Malware


The USB Thief Trojan malware is stored either as a portable application's plugin source or as a Dynamically Linked Library (DLL) used by the portable application.

Since USB devices often store popular applications like Firefox, Notepad++ or TrueCrypt portable, once any of these applications is executed, the malware starts running in the background.

USB Thief is capable of stealing data from air-gapped systems – systems that are isolated from the Internet and other external networks.
"Well, taking into account that organizations isolate some of their systems for a good reason," explained Peter Stancik, the security evangelist at ESET. "Any tool capable of attacking these so called air-gapped systems must be regarded as dangerous."
The malware runs from a USB removable device, so it don’t leave any traces of its activities, and thus, victims do not even notice that their data had been stolen.

Since the malware is bound to a single USB device, it prevents USB Thief from leaking from the infected computers.

Besides this, USB Thief utilizes a sophisticated implementation of multi-staged encryption that makes the malware harder to detect and analyse.
"This is not a very common way to trick users, but very dangerous," Stancik said. "People should understand the risks associated with USB storage devices obtained from sources that may not be trustworthy."

Here's How you can Protect from being Infected:

  • Do not use USB storage devices from non-trustworthy sources.
  • Turn off Autorun
  • Regularly backup your data
More technical details are available on ESET Ireland’s official blog.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.