The FBI, the United States agency equivalent to a federal police force, and the security company Trustwave have issued warnings about a group of hackers who are mailing thumb drives to victims. The letters pose as a gift from the American retailer Best Buy and state that the victim is receiving a thumb drive containing a list of products that can be purchased at a discount of US$ 50 (about R$ 250).
When connected, the flash drive installs a "ghost keyboard" on the computer, which can execute commands by automatically "typing" the keys.
In the end, the system is infected with malware called Griffon, linked to a hacking gang known as FIN7.
FIN7 is known for infecting company networks with programs that steal financial information or compromise point-of-sale (POS) systems. POS terminals are the cashier terminals in stores, hotels, supermarkets and other retail establishments, through which customers' credit card information passes.
According to the FBI alert, the mailings may also include other items, including teddy bears and gift certificates. The letters are usually addressed to members of the administration, information technology or human resources departments of the targeted organizations.
The agency recommends that USB devices received from unknown sources not be used.
BadUSB creates 'ghost keyboard'
Trustwave's analysis indicates that the USB device used by the criminals is based on a commercially available product called "Leonardo USB". Sold for US$ 7 (about R$ 35), it has an Arduino controller, model ATMEGA32U4, which is used to carry out the "BadUSB" attack. This technique disguises or hides one USB device in the "shell" of another to deceive the victim.
When connected to the computer, the "pen drive" does not provide any storage space. Instead, the system "sees" a new keyboard. This "keyboard" then sends data through the USB port to simulate the typing of a command that downloads the malicious program made by the hackers.
To keep the victim from suspecting that something bad has happened, the program displays a false error message stating that there was a problem with the USB device. In fact, the device is functioning normally, performing its function of executing code.
A false error message reports that the USB device was not recognized by Windows. In fact, code has already been executed and malware is installed on the computer. – Photo: Reproduction / Trustwave
The malicious code installed at the end of this process collects a variety of information about the computer and sends it to a control server run by the criminals.
It is also at this stage that the hackers take control of the compromised system, and can move on to other systems on the network or install any other program they wish.
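The mismatch described above, a supposed flash drive that offers no storage and enumerates as a keyboard, is visible in the interface class codes of the device's USB configuration descriptor (0x03 is HID, 0x08 is Mass Storage). The following Python check is an added example, not code from Trustwave or the FBI alert; the two sample descriptors are constructed, and the function names and verdict strings are assumptions.

```python
# USB-IF base class codes found in bInterfaceClass
USB_CLASS_HID = 0x03            # keyboards, mice and other input devices
USB_CLASS_MASS_STORAGE = 0x08   # flash drives, external disks
DESC_TYPE_INTERFACE = 0x04      # bDescriptorType of an interface descriptor

# Constructed sample: an ordinary flash drive (one mass-storage interface).
SAMPLE_FLASH = bytes.fromhex(
    "09 02 20 00 01 01 00 80 32"    # configuration descriptor, wTotalLength=32
    "09 04 00 00 02 08 06 50 00"    # interface: class 0x08 (mass storage)
    "07 05 81 02 00 02 00"          # bulk IN endpoint
    "07 05 02 02 00 02 00")         # bulk OUT endpoint

# Constructed sample: a "flash drive" that exposes only an HID interface.
SAMPLE_HID_ONLY = bytes.fromhex(
    "09 02 22 00 01 01 00 a0 32"    # configuration descriptor, wTotalLength=34
    "09 04 00 00 01 03 00 00 00"    # interface: class 0x03 (HID)
    "09 21 11 01 00 01 22 2d 00"    # HID class descriptor
    "07 05 81 03 08 00 0a")         # interrupt IN endpoint


def interface_classes(config_blob: bytes) -> list:
    """Walk the descriptor chain and return bInterfaceClass of each interface."""
    classes, offset = [], 0
    while offset + 2 <= len(config_blob):
        b_length, b_type = config_blob[offset], config_blob[offset + 1]
        # Every descriptor starts with its own length; reject truncated input.
        if b_length < 2 or offset + b_length > len(config_blob):
            raise ValueError(f"malformed descriptor at offset {offset}")
        if b_type == DESC_TYPE_INTERFACE:
            if b_length < 9:
                raise ValueError(f"short interface descriptor at offset {offset}")
            classes.append(config_blob[offset + 5])  # bInterfaceClass
        offset += b_length
    return classes


def assess_claimed_flash_drive(config_blob: bytes) -> str:
    """Verdict for a device that is physically presented as a flash drive."""
    classes = set(interface_classes(config_blob))
    if USB_CLASS_HID in classes and USB_CLASS_MASS_STORAGE not in classes:
        return "block: input device, no storage"
    if USB_CLASS_HID in classes:
        return "review: storage plus input device"
    if USB_CLASS_MASS_STORAGE in classes:
        return "ok: storage only"
    return "review: neither storage nor input"
```

On a live system the same class codes can be read from the operating system's USB device listing rather than from a raw descriptor dump.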