Trustwave experts published a report in which they told how an unnamed American hotel company sent a fake BestBuy gift card along with a malicious USB flash drive. The accompanying letter said that the drive must be connected to a computer in order to access the list of products for which you can use a gift card. Such targeted attacks by BadUSB are extremely rare in practice.
Let me remind you that BadUSB is a class of attacks that allows using devices like Rubber Ducky to take control of many devices that have a USB port. In this way, you can emulate any peripherals, but most often criminals fake a keyboard.
Trustwave experts say the victim company found the letter suspicious and turned to them for help in investigating the incident.
As the researchers found, after connecting BadUSB to the test workstation, the flash drive launched the PowerShell command (through a series of automatic keystrokes). In turn, this command downloaded a more voluminous PowerShell script from a remote site, and then installed a Malware bot – a JScript-based bot – on the test machine.
“At the time of the analysis, we were not able to find another similar strain of malware. The malware is unknown to us. It is difficult to say whether it was created on an individual order, but probably it is, because it is not very widespread and seems to be targeted, ”experts say.
Recently news
746 arrests, 2 tons of drugs, 54 million pounds and dozens of weapons. EncroChat anonymous service successfully hacked in Europe
BlueLeaks: activists published data of 200 police agencies in the public domain
The new vulnerability “hits” AMD processors, but does not affect Intel CPUs. But there is nothing to worry about
Vulnerability found in Arm processors that could allow an attacker to gain unauthorized access to data
Intel processors discovered a vulnerability called CrossTalk
Honda had to suspend car and motorcycle production due to cyber attack