Malware On USB Flash Drives From China

Malware On USB Flash Drives From China
Share:

About

Some time ago I bought a USB flash drive online from China. When I plugged it into my PC Windows Defender detected that malware(seems like a crypto miner) was present on the flash drive.
virus on flash drive
Keywords: Trojan:Win32/CoinMiner.BB Trojan:INF/Ramnit.A autorun.inf
In the image below you can see the contents. It seems like autorun.inf was supposed to run when the USB gets plugged in. However, this feature was disabled in Windows many years ago to protect users from this exact type of attack. So the malware either targets older systems or the attackers simply hope that the user clicks the file.
So I guess you should be careful with any storage device you buy and always format it before using it. The malware shouldn’t be able to come back after that unless the attackers have put some serious effort into modding the USB drives hardware or its memory controllers’ firmware. I would assume that only certain government agencies are capable and willing to do that if they are going after a specific target/goal. So the average user (probably) doesn’t have to worry about it.
As far as who and when they put the malware on the USB  is hard to say. It could have happened at almost any point in the supply chain: employee at the factory where the USB is manufactured, the seller(or one of their employees), or any other middle man that buys and resells the drives within Cina before they get to the final seller that sells them online.
Also this isn’t an isolated incident as according to the FBI a similar thing has happened to a company that bought thumb drives that originated from China.
Share:

Leave a Reply

Your email address will not be published.

The following GDPR rules must be read and accepted:
This form collects your name, email and content so that we can keep track of the comments placed on the website. For more info check our privacy policy where you will get more info on where, how and why we store your data.

Advertisment ad adsense adlogger