Monday, February 10, 2025
HomeBitcoinBeware !! USB Devices & Removable Media are Used to Inject Cryptocurrency...

Beware !! USB Devices & Removable Media are Used to Inject Cryptocurrency Mining Malware

Published on

SIEM as a Service

Follow Us on Google News

Cybercriminals are still using USB Devices & Removable Media to perform various malicious activities and spreading Cryptocurrency Mining malware in order the mine crypto coins especially Bitcoin.

A recent report from Kaspersky reveals that around one in four users worldwide is affected by a ‘local’ cyber incident by USB devices and other removable media.

Even though Cloud-based services now take over the Digital world for storing & sharing the data, still millions of USB devices are still produced and distributed annually worldwide.

Infecting users via USB devices has been observed since 2016 and some of the victims are carrying this crypto malware infection over a year.

In this case, Asia, Africa, and South America among the most affected and some of the heavy infection are spotted in Europe and North America.

Apart from crypto mining malware there is some other malware also spreading via removable media/USBs includes the Windows LNK family of Trojans which is one of the top cyber threat in 2016.

Malware delivered via USB Devices

Windows malware family Windows LNK Malware which is used by attackers to destroy, block, modify or copy data, or to disrupt the operation of a device or its network and it was the top USB based threat in 2016.

The WinLNK Runner Trojan, which was the top detected USB threat in 2017 and it was tried to attempt  22.7millions times and infected nearly 900,000 users.

This year number target has been increased to 23 million with over 700,000 users affected users according to the Kaspersky Lab research.

In another case, Stuxnet exploits in 2010 which is one of the top 10 malicious exploits spread via removable media.

USB Based Threats Infection Process

Infection from the USB devices is considering as a local threat that will be infected directed to the user system.

According to Kaspersky, Local threats differ from threats targeting computers over the internet (web-borne threats), which are far more prevalent. Local infections can also be caused by an encrypted malicious program hidden in a complex installer.

In between 2013 to 2018, USB devices based attacks are dramatically increased following data number in Millions. Advanced Threat actors including Equation Group, Flame, Regin and HackingTeam have integrated the exploit for Windows LNK vulnerability (CVE-2010-2568).

USB devices are also being used to spread crypto-mining malware is unusual that is inject via malware which secretly uses the processor capacity of the infected computer to generate the cryptocurrency.

Mitigation steps by Kaspersky

Advice for all USB users:
  • Be careful about the devices you connect to your computer – do you know where it came from?
  • Invest in encrypted USB devices from trusted brands – this way you know your data is safe even if you lose the device
  • Make sure all data stored on the USB is also encrypted
  • Have a security solution in place that checks all removable media for malware before they are connected to the network – even trusted brands can be compromised through their supply chain
Additional advice for businesses:
  • Manage the use of USB devices: define which USB devices can be used, by whom and for what
  • Educate employees on safe USB practices – particularly if they are moving the device between a home computer and a work device
  • Don’t leave USBs lying around or on display
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots

NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...