A new form of data-stealing Trojan malware which spreads through USB devices and can make itself extremely difficult to detect has been found by security company ESET. Here’s what you need to know.
Pictures: SamahR, Chris Yarzab, Ervins Strauhmanis
The malware is called Win32/PSW.Stealer.NAI, dubbed USB Thief, and infects computers exclusively through USB devices. What makes the malware special is that it has mechanisms to protect itself from being reproduced or copied, which makes it hard to detect and analyse, according to ESET researchers.
USB Thief is able to install itself onto a device and leave no evidence, adding to the level of difficulty in detection.
“Because it is USB-based, the malware is capable of attacks on systems isolated from the internet without leaving any traces. So the victims don’t notice that their data were stolen,” ESET malware analyst Tomáš Gardo said. “Another feature which makes this malware unusual is that not only it is USB-based, but it is also bound to a single USB device, since it is intended that the malware shouldn’t be duplicated or copied. This makes it very difficult to detect and analyse.”
Most malware uses Autorun files or crafted shortcuts to lure victims into running it, but USB Thief inserts itself into the command chain of popular applications such as Firefox, Notepad++ and TrueCrypt as a plugin or dynamic-link library (DLL). This means it can run in the background whenever infected applications are executed.
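One defensive check that follows from this, as an added example that is not from ESET or the original article: compare the executables, DLLs and add-on files of an application folder on a USB drive against a copy obtained from a trusted source, and list anything added or changed. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile

# Assumption: file types an application loads as code (binaries, DLLs, Firefox add-ons).
CODE_EXTENSIONS = {".exe", ".dll", ".xpi"}

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(app_dir):
    """Map lower-cased relative path -> SHA-256 for every loadable file under app_dir."""
    manifest = {}
    for root, _dirs, files in os.walk(app_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() in CODE_EXTENSIONS:
                full = os.path.join(root, name)
                rel = os.path.relpath(full, app_dir).replace(os.sep, "/").lower()
                manifest[rel] = sha256_file(full)
    return manifest

def audit(trusted_dir, usb_dir):
    """Return (added, modified, missing) loadable files on the USB copy, each sorted."""
    trusted, usb = build_manifest(trusted_dir), build_manifest(usb_dir)
    added = sorted(p for p in usb if p not in trusted)
    modified = sorted(p for p in usb if p in trusted and usb[p] != trusted[p])
    missing = sorted(p for p in trusted if p not in usb)
    return added, modified, missing

def demo():
    """Constructed sample: the USB copy has one changed DLL and one extra DLL."""
    trees = {"trusted": {"app.exe": b"A", "plugins/spell.dll": b"B"},
             "usb": {"app.exe": b"A", "plugins/spell.dll": b"X", "plugins/extra.dll": b"C"}}
    with tempfile.TemporaryDirectory() as tmp:
        for copy, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, copy, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        return audit(os.path.join(tmp, "trusted"), os.path.join(tmp, "usb"))

if __name__ == "__main__":
    # Usage: script.py <trusted_dir> <usb_dir>; with no arguments, run the constructed demo.
    result = audit(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for label, paths in zip(("ADDED", "MODIFIED", "MISSING"), result):
        for p in paths:
            print(f"{label}\t{p}")
```

An added or modified entry is a prompt for inspection, not proof of infection: legitimate plugins and updates also change these files.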
The best way to avoid falling victim to this kind of USB-based malware is to only use USB storage devices from trusted sources. It’s also worth warning your organisation and your co-workers about this kind of threat to prevent sensitive company information from being compromised.
You can find out more on USB Thief over at ESET’s blog.