Trustwave experts published a report describing how an unnamed American hotel company was sent a fake BestBuy gift card along with a malicious USB flash drive. The accompanying letter said that the drive must be connected to a computer in order to access the list of products on which the gift card could be spent. Such targeted BadUSB attacks are extremely rare in practice.
As a reminder, BadUSB is a class of attacks in which devices like the Rubber Ducky are used to take control of many devices that have a USB port. Such a device can emulate any peripheral, but most often criminals fake a keyboard.
Trustwave experts say the victim company found the letter suspicious and turned to them for help in investigating the incident.
As the researchers found, after the BadUSB device was connected to a test workstation, the flash drive launched a PowerShell command (through a series of automatic keystrokes). In turn, this command downloaded a larger PowerShell script from a remote site, and then installed malware, a JScript-based bot, on the test machine.
“At the time of the analysis, we were not able to find another similar strain of malware. The malware is unknown to us. It is difficult to say whether it was created on an individual order, but probably it is, because it is not very widespread and seems to be targeted,” experts say.
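The chain described above (a new keyboard appears, and seconds later PowerShell runs a command that fetches a script from a remote site) can be hunted for by correlating the two events per host. The following is an added example, not code from the Trustwave report; the event schema, field names, host names, URLs and the 30-second window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry in a hypothetical normalized schema
# (not taken from the Trustwave report).
SAMPLE_EVENTS = [
    {"ts": "2020-01-01T09:00:00", "host": "ws-01", "kind": "hid_keyboard_attached",
     "detail": "new USB keyboard enumerated"},
    {"ts": "2020-01-01T09:00:04", "host": "ws-01", "kind": "process_start",
     "detail": "powershell.exe <fetch https://example.invalid/stage2.ps1>"},
    {"ts": "2020-01-01T09:00:10", "host": "ws-01", "kind": "process_start",
     "detail": "powershell.exe Get-ChildItem"},
    {"ts": "2020-01-01T09:01:00", "host": "ws-02", "kind": "process_start",
     "detail": "powershell.exe <fetch https://example.invalid/tool.ps1>"},
    {"ts": "2020-01-01T10:00:00", "host": "ws-03", "kind": "hid_keyboard_attached",
     "detail": "new USB keyboard enumerated"},
    {"ts": "2020-01-01T10:20:00", "host": "ws-03", "kind": "process_start",
     "detail": "powershell.exe <fetch https://example.invalid/admin.ps1>"},
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)

def is_network_powershell(detail):
    """True when a PowerShell command line references a remote URL."""
    return "powershell" in detail.lower() and URL_RE.search(detail) is not None

def find_keystroke_injection(events, window_seconds=30):
    """Return (host, process_ts, seconds_after_attach) for PowerShell launches
    that reference a URL within the window after a new keyboard appears."""
    window = timedelta(seconds=window_seconds)
    last_attach = {}  # host -> time of the most recent keyboard attach
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "hid_keyboard_attached":
            last_attach[ev["host"]] = ts
        elif ev["kind"] == "process_start" and is_network_powershell(ev["detail"]):
            attached = last_attach.get(ev["host"])
            if attached is not None and ts - attached <= window:
                hits.append((ev["host"], ev["ts"], (ts - attached).total_seconds()))
    return hits

if __name__ == "__main__":
    for hit in find_keystroke_injection(SAMPLE_EVENTS):
        print(hit)
```

Only the ws-01 launch is flagged: ws-02 has no keyboard attach at all, and on ws-03 the PowerShell launch comes twenty minutes after the device appeared, which is outside the window.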