Security News

Chinese Hackers Target Air-Gapped Systems With Custom USB Malware
2020-06-04 15:28

For years, a China-linked threat actor named Cycldek has been exfiltrating data from air-gapped systems using a previously unreported, custom USB malware family, Kaspersky reports. Both malware versions were used to target diplomatic and government entities, but each was focused on a different geography, Kaspersky believes.

Sophisticated Info-Stealer Targets Air-Gapped Devices via USB
2020-06-03 20:51

The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. "These documents are then transferred to USB drives connected to the system. This suggests the malware was designed to reach air-gapped machines, or those that are not directly connected to the internet or any other computer connected to internet."

Bogus Security Technology: An Anti-5G USB Stick
2020-05-29 17:02

Its website describes it as a USB key that "Provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF emitting device". "Through a process of quantum oscillation, the 5GBioShield USB key balances and re-harmonises the disturbing frequencies arising from the electric fog induced by devices, such as laptops, cordless phones, wi-fi, tablets, et cetera," it adds.

New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows
2020-05-28 12:09

With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems. "USBFuzz discovered a total of 26 new bugs, including 16 memory bugs of high security impact in various Linux subsystems, one bug in FreeBSD, three in macOS, and four in Windows 8 and Windows 10, and one bug in the Linux USB host controller driver and another one in a USB camera driver," Hui Peng and Mathias Payer explained.

'VictoryGate' Botnet Infected 35,000 Devices via USB Drives
2020-04-24 13:12

ESET managed to sinkhole several command and control servers of a botnet that propagates via infected USB devices, thus disrupting its activities. Referred to as VictoryGate and active since at least May 2019, the botnet impacted devices in Latin America the most, especially Peru, where more than 90% of the compromised devices are located.

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet
2020-04-24 03:38

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. "The main activity of the botnet is mining Monero cryptocurrency," ESET said.

FBI: Cybercriminals Mailing Malicious USB Devices to Victims
2020-03-30 15:49

The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims in an effort to infect their computers with malware, the FBI warns. Mainly targeting businesses via phishing emails, the cybercrime group appears to have changed tactics recently, and started sending malicious USB devices to victims via the United States Postal Service.

Google Releases Tool to Block USB Keystroke Injection Attacks
2020-03-12 18:25

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. Delivered over USB, keystroke injection attacks require a Human Interface Device Driver.

USB armory Mk II: A secure computer on a USB stick featuring open source hardware design
2020-02-05 09:49

The hardware security professionals at F-Secure have created a new version of the USB armory - a computer on a USB stick built from the ground up to be secure. The USB armory Mk II entrenches security in its lowest levels and is suitable for a wide range of applications - such as custom hardware security modules, cryptocurrency wallets, secure authentication and licensing tokens, and more - that need the efficiency and flexibility of an embedded computer without sacrificing security.