Security News

G Data security researchers have identified a new ransomware family that attempts to spread using infected USB drives. Dubbed Try2Cry, the new piece of ransomware borrows functionality from Spora, which first emerged three years ago.

A remote USB function in a software provider's code has been found to contain a significant vulnerability. "USB for Remote Desktop," works by redirecting USB devices to remote sessions over Microsoft RDP, Teradici PCoIP, or Citrix ICA Protocols.

For years, a China-linked threat actor named Cycldek has been exfiltrating data from air-gapped systems using a previously unreported, custom USB malware family, Kaspersky reports. Both malware versions were used to target diplomatic and government entities, but each was focused on a different geography, Kaspersky believes.

The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. "These documents are then transferred to USB drives connected to the system. This suggests the malware was designed to reach air-gapped machines, or those that are not directly connected to the internet or any other computer connected to internet."

Its website, which describes it as a USB key that "Provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF emitting device". "Through a process of quantum oscillation, the 5GBioShield USB key balances and re-harmonises the disturbing frequencies arising from the electric fog induced by devices, such as laptops, cordless phones, wi-fi, tablets, et cetera," it adds.

With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems. "USBFuzz discovered a total of 26 new bugs, including 16 memory bugs of high security impact in various Linux subsystems, one bug in FreeBSD, three in macOS, and four in Windows 8 and Windows 10, and one bug in the Linux USB host controller driver and another one in a USB camera driver," Hui Peng and Mathias Payer explained.

ESET managed to sinkhole several command and control servers of a botnet that propagates via infected USB devices, thus disrupting its activities. Referred to as VictoryGate and active since at least May 2019, the botnet impacted devices in Latin America the most, especially Peru, where more than 90% of the compromised devices are located.

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. "The main activity of the botnet is mining Monero cryptocurrency," ESET said.

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. "The main activity of the botnet is mining Monero cryptocurrency," ESET said.

The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims in an effort to infect their computers with malware, the FBI warns. Mainly targeting businesses via phishing emails, the cybercrime group appears to have changed tactics recently, and started sending malicious USB devices to victims via the United States Postal Service.