Hackers using malware to steal data from USB flash drives

Cybercriminals are constantly finding new ways to steal your data, and one of the newer methods they are using involves targeting USB flash drives. While it may seem surprising that attackers would focus on something as simple as a flash drive, the data it holds can be valuable. Additionally, flash drives can be used to spread malware to other devices, making them an attractive target for cybercriminals.
USB drives are commonly used in workplaces, especially in environments with air-gapped systems or restricted internet access. This makes them an easy target for data theft and malware propagation, as they often store sensitive files that are not available on networked systems. When infected, USB drives can spread malware not just within a single organization but also across multiple entities if shared. These attacks don’t rely on network vulnerabilities, allowing them to bypass traditional security tools.
Attackers are using USB drives to spread malware in ways that can bypass traditional security systems. One group, known as GOFFEE, starts its attacks with targeted phishing emails that carry infected RAR files or Office documents with malicious macros. Once opened, these files install malicious programs such as PowerModul and PowerTaskel on the victim’s system, laying the groundwork for further attacks.
PowerModul, a PowerShell script introduced in 2024, communicates with a command-and-control server and can download and run other tools, including FlashFileGrabber and USB Worm. FlashFileGrabber is designed to steal data from USB drives, either saving stolen files locally or sending them back to the hacker’s server. USB Worm infects any USB drive it finds with PowerModul, turning that drive into a tool for spreading malware to other systems.
To stay safe from USB-targeted attacks, there are practical steps you can take:
1. Avoid plugging in unknown USB drives.
2. Be cautious with email attachments, especially those asking you to enable macros.
3. Avoid clicking on suspicious links and use strong antivirus software.
4. Scan USB drives before use with updated antivirus software to check for hidden scripts or unusual shortcuts.
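One way to triage a drive for the hidden scripts and unusual shortcuts mentioned in step 4, as an added example that is not from the original article and complements an antivirus scan rather than replacing it. The extension lists, function names and heuristics are assumptions chosen for illustration, not signatures of PowerModul or USB Worm, and the sample tree is constructed.

```python
import os
import stat
import sys
from pathlib import Path

# Assumed heuristics for illustration; not signatures of any named malware.
SCRIPT_EXTS = {".ps1", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def is_hidden(path):
    """Windows HIDDEN attribute, or a dot-prefixed name (POSIX convention)."""
    attrs = getattr(path.lstat(), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN) or path.name.startswith(".")

def triage_drive(root):
    """Return sorted (relative_path, reason) findings for a mounted drive."""
    root, findings = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        # Names of hidden files/folders here, used to spot look-alike shortcuts.
        hidden = {Path(n).stem.lower().lstrip(".")
                  for n in dirnames + filenames if is_hidden(here / n)}
        for name in filenames:
            p = here / name
            rel = p.relative_to(root).as_posix()
            suffixes = [s.lower() for s in p.suffixes]
            ext = suffixes[-1] if suffixes else ""
            if ext in SCRIPT_EXTS:
                findings.append((rel, "hidden script" if is_hidden(p) else "script file"))
            elif ext == ".lnk" and len(suffixes) > 1 and suffixes[-2] in DOC_EXTS:
                findings.append((rel, "shortcut posing as document"))
            elif ext == ".lnk" and p.stem.lower() in hidden:
                findings.append((rel, "shortcut shadows hidden item"))
            elif ext == ".lnk":
                findings.append((rel, "shortcut on removable media"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree standing in for a mounted USB drive."""
    root = Path(root)
    (root / ".Photos").mkdir()
    for rel in ("notes.txt", "Photos.lnk", "invoice.pdf.lnk", ".update.ps1", ".Photos/a.jpg"):
        (root / rel).write_bytes(b"")
    return root

if __name__ == "__main__":
    # Usage: python triage_usb.py E:\   (drive path is supplied by the operator)
    for rel, reason in triage_drive(sys.argv[1]):
        print(f"{reason:32} {rel}")
```

A finding is a prompt to inspect the file before opening it, not proof of infection; legitimate drives can carry shortcuts and scripts too.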
It’s important to be aware of the risks associated with USB drives and take steps to protect your data. By following these tips and staying vigilant, you can reduce the chances of falling victim to USB-targeted attacks. Stay informed, stay protected, and keep your data safe from cybercriminals.