USB Infections, what viruses are used to infect computers and the best ways to protect yourself. USB infections refer to the method of spreading malware through USB devices, such as USB flash drives.To see important ads, turn off your ad blocker! Article continued below:
USB Infections, here are some.
These viruses exploit the Windows Autorun feature to execute malicious code when a USB drive is connected. They create an autorun.inf file on the drive to automatically run the malware.
To protect yourself, disable the Autorun feature on your computer or use a reliable antivirus program that scans USB devices upon insertion.
These viruses hide files and folders on the USB drive and replace them with shortcuts that execute the malware when clicked.
To prevent this, disable the “Hide extensions for known file types” option in your Windows File Explorer settings. Also, avoid double-clicking on unfamiliar shortcuts.
USB Infections, malware Droppers.
USB drives can be used to distribute malware droppers that download and install additional malicious software on the computer.
Keep your operating system and antivirus software up to date to protect against known vulnerabilities. Regularly scan USB drives with trusted antivirus software before accessing any files.
Infected Files: Viruses can be embedded within files on USB drives, such as executable files, documents, or scripts. Be cautious when opening files from untrusted sources, especially if they are unexpected or unsolicited.
Scan files with antivirus software before opening them, and consider using online file scanning services for an additional layer of protection.
USB infections, related to it!
Which attackers mail USB thumb drives to US organizations with the goal of delivering ransomware into their environments.
The FBI said it has received reports of several packages containing malicious USB devices that were sent to US companies in the transportation, insurance, and defense industries.
The activity has been ongoing since August 2021, the FBI said, and packages were sent via the United States Postal Service and United Parcel Service.
There are two versions of packages sent! One is disguised to appear as though it’s from the US Department of Health and Human Services; these parcels often contain messages about COVID-19 guidelines in addition to the USB.
The second type is designed to imitate Amazon; these come in a decorated gift box with a thank-you message, fake gift card, and the malicious USB.
USB Infections, but there is another way to infect computers.
Espionage malware that spreads by self-propagating through infected USB drives is back, surfacing recently in an incident at a European healthcare institution, researchers have found.
Researchers at Check Point Research discovered the backdoor, which they’ve dubbed WispRider. The campaign is the work of the Chinese-state-sponsored APT that Check Point tracks as “Camaro Dragon,” but which is probably better known as Mustang Panda (aka Luminous Moth and Bronze President).
Check Point first discovered the malware when an employee who had participated in a conference held in Asia came home with an infected USB drive, researchers revealed in a blog post published June 22.
Apparently, the employee — dubbed “Patient Zero” by the researchers — had shared his presentation with fellow attendees using his USB drive, and one of his colleagues there passed on the infection from his computer, they said.
USB Infections, alarming role USB drives.
“Consequently, upon returning to the healthcare institution in Europe, the employee inadvertently introduced the infected USB drive, which led to spread of the infection to the hospital’s computer systems,” Check Point researchers wrote in the report.
The incident shows how the APT, which previously primarily focused its cyber espionage activities on organizations in Southeast Asia, is now extending its reach globally, they said.
Indeed, despite China’s tacit support for Russia’s war against Ukraine, Mustang Panda already was seen last year mounting a cyberespionage campaign against the Russian military.
The research also highlights the “alarming” role USB drives play in spreading malware quickly and often unbeknownst to users — even across air-gapped systems.
“These malicious programs possess the ability to self-propagate through USB drives, making them potent carriers of infection, even beyond their intended targets,” Check Point researchers wrote in the post. WispRider, an Evolving Malware Payload
The main payload of the campaign discovered by the researchers is called WispRider, which is a backdoor outlined in a report late last year by Avast — in which the toolset was called “SSE.” It’s since been fortified with additional features, Check Point researchers said.
For one, it propagates through USB drives using a launcher called HopperTick, and also includes a bypass for SmadAV, an antivirus solution popular in Southeast Asia.
The malware also performs DLL-side-loading using components of security software, such as G-DATA Total Security, and of two major gaming companies, Electronic Arts and Riot Games, the researchers said. Check Point notified the companies of the use of their components in the malware, they said.
WispRider and Hopper Tick align with other tools by wielded by Mustang Panda in terms of infrastructure and operational goals, allowing for their attribution to the Chinese APT, the researchers noted.
Related malware also used by the threat actor include a Go-based backdoor called TinyNote, and a malicious router firmware implant named HorseShell.
The WispRider infection begins when a benign USB thumb drive is inserted into an infected computer, the researchers explained. The malware detects a new device inserted into the PC and manipulates its files, creating several hidden folders at the root of the thumb drive.
It then copies into the thumb drive a Delphi loader with the name of the original thumb drive, and a USB thumb drive icon. Interestingly, there is no special technique used in this USB infection flow to automatically run the Delphi launcher; instead, it relies on social engineering, the researchers explained.
“The victims can no longer see their files on the drive and are left only with the executable, which they will likely click to reveal their files — thereby setting off an infection flow of the machine,” they wrote in the post.
WispRider acts as both an infector and backdoor, side loading as a DLL that includes both the USB infector component and the backdoor itself, the researchers said. It has execution flows to run both from an infected machine or to infect a machine if it hasn’t already been infected, they explained.
The latter “is likely an alternative infection vector which delivers the malware to the targeted network when the actors cannot rely on the USB propagation, as they can’t physically access the machine to plug in an infected drive,” researchers wrote.
Moreover, based on known tactics of Mustang Panda, the non-USB WispRider infections likely originate via “spear-phishing campaigns that deliver an archive with all the infection-related files and assure the legitimate executable runs with a relevant argument,” they wrote.
USB Infections, mitigating USB-Borne Cyber Threats.
USB-propagated infections have been around for two decades, but are increasingly becoming a popular attack vector of APTs and other large cybercriminal groups because of how rapidly threat actors can spread various types of malware via this vector.
It also allows them to sneak malware onto otherwise heavily secured networks via individual devices, the users of which may be unaware that they are carrying an infection.
Bad USB Attacks
These attacks involve USB devices that have been modified to act as a keyboard or other input device to execute malicious commands on a computer. Avoid using USB devices from untrusted sources and be cautious when connecting unknown devices to your computer.
USB Infections, to protect yourself from USB infections.
a. Use reliable antivirus software. Install and regularly update antivirus software on your computer. Enable real-time scanning and ensure it includes USB drive scanning.
b. Keep your operating system and software up to date. Regularly install security updates for your operating system, antivirus software, and other applications. These updates often include patches for known vulnerabilities.
c. Disable Autorun/Autoplay. Disable the Autorun or Autoplay feature in your operating system settings to prevent automatic execution of files when USB drives are connected.
d. Scan USB drives. Before accessing any files on a USB drive, scan it with your antivirus software to detect and remove any potential threats.
e. Avoid using unknown USB drives. Refrain from using USB drives from unknown or untrusted sources. If you find a USB drive, it’s best to avoid connecting it to your computer unless you can verify its source and trustworthiness.
f. Educate yourself and practice caution. Be vigilant when dealing with USB drives. Avoid opening files from unfamiliar or suspicious sources, and be cautious about plugging in USB devices from unknown origins.
By following these practices, you can significantly reduce the risk of USB infections and protect your computer from malware.
All The Best!