
New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers
2020-06-04 01:31

A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to research published by Kaspersky yesterday.

"One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data," Kaspersky said.

Chief among the newly revealed tools is a malware called USBCulprit, which scans a number of paths, collects documents with specific extensions, and exports them to a connected USB drive.

The initial infection relies on malicious binaries that mimic legitimate antivirus components and load USBCulprit through DLL search order hijacking. The malware then collects the relevant files, saves them as an encrypted RAR archive, and exfiltrates that archive to a connected removable device.
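The DLL search order hijacking step described above depends on a simple on-disk layout: a DLL placed beside a trusted executable, carrying the name of a system DLL, gets loaded before the genuine copy. Defenders can sweep for that layout. The Python script below is an added example, not code from Kaspersky's report or from the malware itself; it walks application directories and flags any DLL that sits next to an executable and shares its name with a DLL in the system directory. The directory tree, the hypothetical `av_scanner.exe`, and the DLL names `version.dll` and `wtsapi32.dll` are constructed for the demo; the page does not say which DLLs USBCulprit's loaders shadow.

```python
"""Added example (not Kaspersky's code): flag DLL search-order hijack candidates.

Windows resolves many DLL imports from the application's own directory
before the system directory, so a DLL beside a trusted executable that is
named after a system DLL can be loaded in place of the real one. This
scan lists such shadowing DLLs. All paths and file names are constructed.
"""
import os
import tempfile
from pathlib import Path


def system_dll_names(system_dir):
    """Return the lower-cased names of every DLL found in the system directory."""
    return {p.name.lower() for p in Path(system_dir).iterdir()
            if p.suffix.lower() == ".dll"}


def find_hijack_candidates(app_dirs, system_dir):
    """Return (directory, dll_name) pairs where a DLL lying next to an
    executable has the same name as a DLL in system_dir."""
    known = system_dll_names(system_dir)
    hits = []
    for app_dir in app_dirs:
        for root, _dirs, files in os.walk(app_dir):
            names = [f.lower() for f in files]
            if not any(n.endswith(".exe") for n in names):
                continue  # only directories that actually host an executable matter
            for n in sorted(names):
                if n.endswith(".dll") and n in known:
                    hits.append((root, n))
    return hits


def build_demo_tree(base):
    """Constructed layout: a fake system directory plus two application
    directories, one clean and one carrying a DLL that shadows a system DLL."""
    base = Path(base)
    sysdir = base / "system32"
    sysdir.mkdir()
    for n in ("version.dll", "wtsapi32.dll"):   # constructed sample system DLLs
        (sysdir / n).write_bytes(b"MZ")
    clean = base / "apps" / "clean_tool"
    clean.mkdir(parents=True)
    (clean / "clean_tool.exe").write_bytes(b"MZ")
    (clean / "helper.dll").write_bytes(b"MZ")    # not a system DLL name: not flagged
    suspect = base / "apps" / "av_lookalike"     # hypothetical AV-lookalike directory
    suspect.mkdir(parents=True)
    (suspect / "av_scanner.exe").write_bytes(b"MZ")
    (suspect / "version.dll").write_bytes(b"MZ")  # shadows system32\version.dll
    return str(base / "apps"), str(sysdir)


def run_demo():
    """Build the constructed tree in a temp dir and return the flagged pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        apps, sysdir = build_demo_tree(tmp)
        hits = find_hijack_candidates([apps], sysdir)
        return [(Path(d).name, n) for d, n in hits]


if __name__ == "__main__":
    for d, n in run_demo():
        print(f"possible search-order hijack: {n} beside an executable in {d}")
```

On a real host you would point `find_hijack_candidates` at the Program Files trees and `system_dir` at `C:\Windows\System32`. A hit is a lead, not a verdict: some legitimate software ships same-named DLLs, so confirm each flagged file by its digital signature and hash before treating it as a planted loader.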

"The characteristics of the malware can give rise to several assumptions about its purpose and use cases, one of which is to reach and obtain data from air-gapped machines," the researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/edDkRq-BLDs/air-gap-malware-usbculprit.html