USB Data-Stealing Malware Covers Its Tracks With Encryption

Recently, security researchers have discovered a new data-stealing malware which is confined to a specific USB device and vanishes without leaving a trace of its existence.

The malware experts have warned about the Trojan, dubbed USB Thief, that relies on a particular device and is built in a way that prevents it from being easily copied. Most probably, these mechanisms are created to make it harder to detect and analyse.

The newly-found malware relies on portable versions of popular programs stored on USB drives, and embeds itself into this software in the form of a plug-in or DLL file.

In order to avoid detection, the Trojan encrypts some of its files and generates their filenames from cryptographic elements produced from information specific to the USB device. For that reason, the malicious software will not run successfully on other devices.

Being executed, the malware steals data from the user’s virtual machine, encrypts it and exports it to a directory on the same USB device it is running from.

According to the security researchers, the Trojan isn’t widespread, though it could be used to steal information from computers which are kept isolated from the internet for security reasons.

In addition to the interesting concept of self-protecting multi-stage malware, the (relatively simple) data-stealing payload is very powerful, especially since it does not leave any evidence on the affected computer,” the malware analyst Tomas Gardon wrote.

After the USB is removed, nobody can find out that data was stolen. Also, it would not be difficult to redesign the malware to change from a data-stealing payload to any other malicious payload.”

Malware, hacking and ransomware are widespread challenges for cyber security teams. Recently, the researchers revealed KeRager, which is said to be the first fully-functional ransomware which runs on Apple’s Mac OS X operating system.

Before KeRager, TeslaCrypt ransomware was noted in some bogus emails claiming to be from a Visa rewards scheme and targeting users in the United Kingdom.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.