Businesses and PC owners beware: a unique type of data-stealing malware has been found in the wild. This malware is capable of infecting computers that are not connected to the internet and is so stealthy that it is (mostly) undetectable. The malware is called “USB Thief” because it is spread via USB thumb drives and once it has taken hold of a system, it steals massive amounts of data without detection, according to We Live Security.
The malware itself also has a mechanism that protects it from being copied or reverse-engineered. However, researchers were able to figure out exactly how it works. Once the USB is plugged into the system, it goes through a series of configurations until it finally reaches the payload where it steals data.
USB Thief brings to mind spy movies in which the spy plugs his USB into an enemy’s computer, steals the data he needs, and leaves no trace.
So far, the only victims of the malware have been organizations in African and Latin American countries, according to Ars Technica. The very nature of the attack is targeted and precise, making it appropriate for stealing large amounts of data from businesses. It is only a matter of time before more common hackers get their hands on the technology and use it against businesses of all sizes. With this technology, they will be able to steal credit card information, healthcare records, social security numbers, addresses, and anything else that they want to sell on the Dark Web.
During research, there were only two antivirus programs that prevented USB Thief from doing its job: software from Kaspersky Labs and G Data. Researchers believe those antivirus programs were either able to detect the malware or caused it to have performance issues. This goes to show that having a common antivirus can go a long way in protecting yourself from malware.
The easiest way to protect yourself against such an attack is to disable all USB ports on computers that hold sensitive information. Also, train employees to never use USB drives that they find. Set policies in place that inform employees of what they can and can’t do with a USB drive.