silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
Hackers use snail-mail to send target company an envelope with a malware-laced USB thumb drive.
A US hospitality provider has recently been the target of an incredibly rare BadUSB attack, ZDNet has learned from cyber-security firm Trustwave.
The attack happened after the company received an envelope containing a fake BestBuy gift card, along with a USB thumb drive.
The receiving company was told to plug the USB thumb drive into a computer to access a list of items the gift card could be used for.
But in reality, the USB thumb drive was what security experts call a "BadUSB" -- a USB thumb drive that actually functions as a keyboard when connected to a computer, where it emulates keypresses to launch various automated attacks.
Trustwave, who couldn't reveal the target company's name for confidentiality reasons, said the victim recognized the attempted hack and called it in to investigate the incident.
In a report published today and shared with ZDNet, Trustwave said that once they plugged the BadUSB into a test workstation, the BadUSB triggered a series of automated keypresses that launched a PowerShell command.This Powershell command downloaded a bulkier PowerShell script from an internet site and then installed malware on the test machine -- a JScript-based bot.