Malware delivered by USB

Hackers no longer want to ruin your computer or data – why destroy it when they can make it work for them? Hackers are increasingly using computers they’ve infected to send phishing emails, mine for cryptocurrency like bitcoin, or see what you’ve been typing to steal your passwords, credit card numbers, or banking information.

All of these are examples of malware, which is up over 270% in the last five years. While most malware is downloaded from links in attachments and phishing emails, hackers are increasingly looking for new ways to download the code onto your computer. One way they’ve been doing it is through USB devices.

They know there’s nothing more enticing than finding a thumb drive, and know most people who pick it up are curious to know what’s on it and will probably plug it into their computer. As soon as you plug it in the hacker’s malware is loaded onto your machine. They might even put a label on it that says something like “vacation pictures” to try and entice you to plug it in and see what’s on the thumb drive.

Other things might not be as obvious. Recently hackers have disguised this capability in other USB devices such as cell phone chargers. Hackers might leave a normal looking cell phone charging cable somewhere for you to pick up, or give you one to use. What you don’t know is that while the cell phone is being charged, the USB charging cable has downloaded malware onto your computer. Similarly scammers have figured out how to hack cell phone charging stations. So while you might have your own charging cable, as soon as you plug it into the charging station, the malware is being sent to your phone, or data from your phone is being sent to the hacker. This is called “juice jacking,” and one way you can prevent it is by using a USB data blocker which allows you to charge your phone, but prevents it from transferring any data.

When COVID-19 hit, more and more employees started working from home and their company sent them USB peripherals like headsets, mice, keyboards, and other items to do their work. Scammers have caught on, and there have been reports of people getting packages in the mail with free keyboards mice and other USB items. Scammers are hoping you’ll plug them in so their malware will infect your machine.

Because it’s so effective, the growth of malware is expected to continue to increase for years to come, and one of the ways you can protect your devices – and yourself – is to be careful about what you plug in. Be wary of any USB device you might find or is given to you for free. Share this information with friends and relatives to help them avoid becoming a victim as well.

Leave a Reply