There’s a new malware in town, and its been named after USB. Its been dubbed the USB thief, and it steals large amounts of data from your computer after you’ve connected another USB to your device. It utilizes this information through multi-layered encryption tactics that steal data from the device ID of a USB drive, loading a chain of files with different file names that are always unique and created when the malware replicates. After it starts creating files, it modifies the file contents and the time that the file was created to make them nearly impossible to find.
This Simple Malware Bridges the Windows- Mac OS Gap
Because this malware is capable of self-protecting, its relatively dangerous. After a USB is removed, its impossible to see where it came from, or where your data went. It also doesn’t seem like the software would be difficult to modify, or move to another data account, taking advantage of more information and data.
This malware has been wrecking havoc in the Middle East for years (its supposedly a derivative of the Stuxnet worm that disrupted Iran’s nuclear program. One of the biggest features of this infamous malware bug was its ability to target virtually any computer system (including industrial or control systems, even state or local government). It binds to any single computer, on any system from Linux to Windows or Mac OS. Even worse, it doesn’t behave like most USB attacks.
USB Thief Doesn’t Rely on Autorun or Operating System Vulnerabilities to Inject Itself into Your System
This particular malware is dangerous because it attaches itself to your computers internal chain of command. It infects portable versions of legitimate applications. These versions attach to any common program from Firefox to NotePad++ or TrueCrypt. This allows it to chain to different versions of portable apps to run malware in the background of your computers processes.
Research indicates that the USB Thief was extensively tested before it was released to ensure that it could take over a wide variety of devices under different situations. The researchers notated that it wont install itself on systems if the target system is running sophisticated antivirus software that tests for malware that causes performance issues.
Avoiding USB Thief on your Windows or Mac OS
How can we combat this malware? Because it was defined for targets, its important to find out which systems you need to protect your firmware and filesystem data with your antivirus software. You need to double check that information and check-sums come from trusted sources, and if they don’t, run them through decontamination until they’re squeaking clean.