Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Beware! Hackers Deliver USB Devices Containing Malware Using Best Buy Gift Cards
- This topic has 0 replies, 1 voice, and was last updated 11 months, 1 week ago by .
Hackers distribute malicious USB devices as a gift card from Best Buy for its loyal customers as an attempt to trick the victim’s in using the device.
Trustwave found such a letter through their client and analyze the USB device further by plugging in air-gapped computers.
The USB device contains an Arduino microcontroller ATMEGA32U4 designed to work as a USB keyboard. Once it gets injected in the device it injects various malicious PowerShell commands.
Then it PowerShell commands download a JScript command and save it as prada.txt which is the third level payload.
The JScript is obfuscated and its primary function is to register the infected host with the command and control (C&C) server with a unique ID.
The JScript function is to gather the system information from the infected host. It gathers all the information about the affected host and sends it to the C&C server.
After processing every command the JScript sleeps for two minutes and then gets the new command from the C&C server.
The USB devices are often used by security professionals for conducting physical pentests, these devices are dropped in parking lots or waiting rooms.
Attackers generally use spam email campaigns as a method to distribute malware, but here they have used the USB method to deliver the malware.
You must be logged in to reply to this topic.