https://www.bankinfosecurity.com/fbi-cybercrime-gang-mailing-badusb-devices-to-targets-a-14029
I chose this article because the whole situation is quite odd. A group is mailing they victims a USB along with a teddy bear as well as a supposed $50 gift card to Best Buy. The letter attached to the items once stated, “You can spend it on any product from the list of items presented on a USB stick.” What shocks me is that people actually take these strange items into their home and even worse proceed to insert the USB into their computer. I personally would throw everything in the trash and possibly keep the gift cars however, I would still be very hesitant on doing that. But, what happened to the individuals who actually took the ‘gift’ into their home?
According to the article, the USB is actually a BadUSB. It gives the attacker the ability to bypass endpoint anti-virus tools and gain remote access to any system. This specific device that was ‘generously gifted’ was a malicious USB keyboard preloaded with keystrokes thats ultimate go was to download malware onto the victims computer. “The FBI says the domains or IP addresses that the device pings then push a copy of Griffon malware back to the device, which has been previously attached to phishing emails sent by FIN7. Potentially, the infected system can also give attackers a stepping stone to the rest of a corporate network.” There has yet to be a solution to this issue but hopefully it comes soon.
What can be learned from this incident is…DONT TAKE WEIRD ITEMS INTO YOUR HOME. And if for some reason you choose to do so, do not put the USB int your computer.
Carri Writes 