Wait! Where did you get that USB? Super-stealthy trojan only drives stick

Hackers have created a trojan that that makes exclusive use of USB devices in order to spread.

The malware - dubbed USB Thief - is capable of stealthy attacks against air-gapped systems, net security firm ESET warns. USB Thief is well protected against detection and reverse-engineering - not least because it leaves no trace of activity on the compromised computers themselves.

“It seems that this malware was created for targeted attacks on systems isolated from the internet,” explained Tomáš Gardoň, a malware analyst at ESET.

The data-stealing trojan can be stored as a plugin source of portable applications or as just a library – DLL – used by the portable application. So, whenever an application such as Firefox portable or TrueCrypt portable is executed, the malware will also be run in the background.

“This is not a very common way to trick users, but very dangerous. People should understand the risks associated with USB storage devices obtained from sources that may not be trustworthy,” Gardoň warned.

The malware is able to steal data from air-gapped systems (which aren’t connected to the internet) by writing it to the device itself.

Peter Stancik, security evangelist at ESET, explained: “[Stolen] data is written to the device itself: Configuration data include information on what data should be gathered, how they should be encrypted, and where they should be stored. The output destination must always be on the same removable device.” ®