When people imagine threat actors tricking victims into installing malware, the first thing that comes to mind is probably email phishing or typosquatted domains. These days, digital attack vectors are so easy to deploy that physical vectors may even get a chance to fly under the radar.

In a recent campaign uncovered by Trustwave, the criminal threat group FIN7 mailed USB drives serving an unknown malware strain disguised as a free Best Buy gift card offering. The letter mailed with the USB drive states that the retail giant is sending out gift cards to its loyal customers, and the gifted credit can be used to buy products from a specific list that is found on the enclosed USB stick.

 

The enclosed USB device is sold online under the product name “BadUSB,” and includes a microcontroller that allows threat actors to emulate a USB keyboard. This is a mischievous strategy that allows the attackers to easily penetrate the victim’s computer, as keyboard devices are automatically trusted by the computer. Once connected, the USB runs a powershell payload that downloads a currently unidentified malware linked to FIN7.

Until recent years, BadUSB attacks were more of a food for thought than an actual attack vector seen in the wild. The first attacks of this sort were uncovered in 2010, with the last known BadUSB campaign sighted over a year ago. We recommend taking caution when considering the use of a new hardware from an unverified source. Do not plug devices in to your computer if you suspect that they may not be legitimate.

If you’re already a ThreatSTOP user, you’re protected against this malware in our TS Originated - Core Threats - IPs and TS Originated - Core Threats - Domains targets.

 

Due to the impact of novel Coronavirus (COVID-19), ThreatSTOP is offering 3 months of MyDNS free, or until the stay at home orders expire. Whichever is longer. With the COVID-19 crisis comes an unprecedented transition to a work from home workforce, and a massive increase in cyber attacks. Because people need to work from home, we want to provide the cyber security protection they should have at work, for free.

 

Unlike other solutions that send all your data or DNS queries to their Cloud, creating privacy issues and potentially exposing critical company data to hacking and theft through man-in-the-middle attacks, our MyDNS puts a DNS Firewall enabled DNS server onto your device, keeping your traffic under your control and preventing DNS hijacking by enforcing DNSSEC.

Easy and quick to set up, no hardware, no contracts or obligations, and we're here to help.

Learn More