The FBI recently put out a warning that the cybercriminal group FIN7 has started mailing USB drives filled with “BadUSB” malware to various companies. There are two variations of packages:

  • Those imitating HHS [US Department of Health and Human Services], often accompanied by letters referencing COVID-19 guidelines and enclosed with a USB.
  • Those imitating Amazon, arriving in a decorative gift box containing a fraudulent thank-you letter, counterfeit gift card, and a USB.

In both cases, the packages contained LilyGO-branded USB devices.

Once recipients plug the thumb drives into their PCs, the devices execute a BadUSB attack: the USB drive registers itself as a keyboard rather than as a storage drive and sends a series of preconfigured, automated keystrokes to the user’s PC. These keystrokes run PowerShell commands that download and install various malware strains, which act as backdoors for the attackers into the victims’ networks.
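One way a defender can look for this behaviour, as an added example that is not part of the original warning: flag a PowerShell start that follows shortly after a new keyboard-class USB device appears on the same host. The event fields, the sample events, the 30-second window and the inclusion of `pwsh.exe` are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumption: PowerShell images to watch (the warning names PowerShell only).
INTERPRETERS = {"powershell.exe", "pwsh.exe"}

# Constructed sample telemetry; field names are hypothetical, not a real agent's schema.
EVENTS = [
    {"time": "2022-01-10T09:00:00", "host": "ws-01", "type": "usb_connect",
     "device_class": "mass_storage", "vendor": "ExampleDisk"},
    {"time": "2022-01-10T09:00:20", "host": "ws-01", "type": "process_start",
     "image": "powershell.exe"},
    {"time": "2022-01-10T10:15:00", "host": "ws-02", "type": "usb_connect",
     "device_class": "keyboard", "vendor": "UnknownHID"},
    {"time": "2022-01-10T10:15:04", "host": "ws-02", "type": "process_start",
     "image": "notepad.exe"},
    {"time": "2022-01-10T10:15:06", "host": "ws-02", "type": "process_start",
     "image": "PowerShell.exe"},
    {"time": "2022-01-10T08:00:00", "host": "ws-03", "type": "usb_connect",
     "device_class": "keyboard", "vendor": "DockKeyboard"},
    {"time": "2022-01-10T11:30:00", "host": "ws-03", "type": "process_start",
     "image": "powershell.exe"},
]


def find_suspect_keyboards(events, window_seconds=30):
    """Alert when PowerShell starts within the window after a new USB keyboard
    appears on the same host. Ordinary storage drives never match."""
    window = timedelta(seconds=window_seconds)
    keyboards = {}  # host -> [(arrival time, vendor string)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["type"] == "usb_connect" and ev["device_class"] == "keyboard":
            keyboards.setdefault(ev["host"], []).append((when, ev["vendor"]))
        elif ev["type"] == "process_start" and ev["image"].lower() in INTERPRETERS:
            for seen, vendor in keyboards.get(ev["host"], []):
                if when - seen <= window:
                    alerts.append({"host": ev["host"], "device": vendor,
                                   "process": ev["image"].lower(),
                                   "delay_s": (when - seen).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_keyboards(EVENTS):
        print(alert)
```

A legitimate keyboard plugged in just before someone opens PowerShell would also match, so treat a hit as a prompt for IT to inspect the device rather than as proof of an attack.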

What Should You Do?
If you come across any unknown USB device (in the mail, on a conference room floor, in a parking lot, etc.), don’t plug it into your computer! If in doubt, hand the device over to a member of your IT team. Click to learn more about BadUSB.