Is USB malware still relevant today?
Hello. The short answer is: Yes, USB malware is relevant.
The long answer:
As noted by some other members, it doesn't get that much news coverage, which is because there isn't anything new to say about it. They aren't rare, though; they are a daily occurrence at my workplace. It is mostly still the same old families that are spreading via USB drives, e.g., Gamarue and Dinihou. Some RATs, ransomware, and stealers adopted this strategy too, but it is one feature of many, so it doesn't get too much attention.
Yes, the infamous autorun.inf method doesn't work anymore since Windows 7. Most USB spreaders today (including Dinihou, Gamarue) use a different method which requires the user to open one of the files on the USB flash drives.
USB worms today spread by placing Windows shortcut files alongside your personal files on the drive. Then they hide the personal files. The shortcut files will look exactly like your personal files. So to you it will seem like those are the documents that you put there yourself. If you open them, the shortcuts will run the malware but also open your hidden personal files. You won't notice anything.
Shortcut icons usually have an arrow on the bottom left corner but even that is fixed by some of the worms using certain registry tweaks.
Examples of USB worm infections
Down below is an example of what a Spora infection looked like if you enable viewing hidden files (taken from this article). This was probably due to a bug, but the first Spora versions not only did the shortcut infection on removable drives but also on the C: drive. Here the legitimate folders (Program Files etc.) were hidden by the malware. The five files at the bottom that look like folders are malware shortcuts and execute the hidden malware executable that is marked in red here as well as open the actual folder with explorer to not raise suspicion.
From the perspective of a user, you are executing the malware merely by browsing the folders on your system. If anyone asked you if you executed something odd, you will probably deny that, since you only opened folders. You can also see that the arrow that normally indicates a shortcut icon is missing here.
For comparison this is a Try2Cry infection on a USB flash drive which does not remove the arrow from the shortcut icons. So it might occur to you that something is wrong.
Other threats via USB
USB worms are not the only threat, but others are less relevant in terms of how likely you might be affected by them.
Viruses (file infectors) may spread via USB flash drives. But this only happens if you have no working Antivirus program because almost all viruses are very old and well-detected by them.
Of course you may also put malware executables on your USB drive yourself (e.g. you back up a trojanized version of a legit program). But that's not a USB drive specific issue.
Attacks via Rubberducky only work if you plug in someone else's USB flash drive or allow others to do that.
Protection from USB malware
Don't plug your USB flash drive into public computers.
Don't plug unknown USB flash drives into your computer.
Use an Antivirus program.
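
A defender-side check for the shortcut pattern described in the answer above, as an added example that is not part of the original post: it flags visible .lnk files whose displayed name matches a hidden file or folder in the same directory. The function names and the sample listing are constructed for illustration; reading the hidden attribute from a real drive only works on Windows.

```python
import os
import stat
import sys
from pathlib import PureWindowsPath


def find_shadowing_shortcuts(entries):
    """Return (shortcut, hidden_item) pairs from one directory listing.

    entries: iterable of (name, is_hidden). A visible .lnk is flagged when its
    displayed name equals a hidden item's name, with or without the extension.
    """
    entries = list(entries)
    hidden = {}
    for name, is_hidden in entries:
        if is_hidden:
            hidden.setdefault(name.lower(), name)
            hidden.setdefault(PureWindowsPath(name).stem.lower(), name)
    hits = []
    for name, is_hidden in entries:
        if not is_hidden and name.lower().endswith(".lnk"):
            shown = name[:-4].lower()  # Explorer never shows the .lnk suffix
            if shown in hidden:
                hits.append((name, hidden[shown]))
    return sorted(hits)


def list_directory(path):
    """Yield (name, is_hidden) using the Windows hidden attribute."""
    with os.scandir(path) as it:
        for entry in it:
            info = entry.stat(follow_symlinks=False)
            attrs = getattr(info, "st_file_attributes", 0)  # 0 off Windows
            yield entry.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


# Constructed sample listing of a drive root (not taken from a real infection).
SAMPLE = [
    ("Report.docx", True), ("Photos", True), ("x7f3a.exe", True),
    ("Report.docx.lnk", False), ("Photos.lnk", False),
    ("Backup.lnk", False), ("notes.txt", False),
]

if __name__ == "__main__":
    listing = list_directory(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for shortcut, target in find_shadowing_shortcuts(listing):
        print(f"suspicious: {shortcut} shadows hidden item {target}")
```

A shortcut with no hidden counterpart, such as Backup.lnk in the sample, is not reported, so ordinary user-created shortcuts do not raise an alert.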