Be careful if you receive a thank you USB in your mailbox at home: they are infected with ransomware

On By Garmin Philip

If you find a USB without prior notice in your house, it is most likely that it is a mistake or someone’s mistake. Since the last thing we can think of is that someone wants to hack us. And precisely because of this, hackers are committing crimes.

The FBI has made public that a group of cybercriminals is mailing malicious flash drives to companies in an attempt to infect company networks with malware. This would be the last technique pirates have come up with and it works.

Receiving a pendrive by mail may seem normal or very strange, depending on your profession, but unless we know exactly who sent it to us, what logic tells us is that plugging it into our computer does not seem very safe. And so it is.

In this particular case, the Federal Bureau of Investigation states that the FIN7 group impersonated Amazon and the United States Department of Health and Human Services and shipped numerous packages using the United States Postal Service (USPS) and United Parcel Service (UPS).

These packages they contained fake gift cards or thank you notes. Along with them there was flash drives with the LilyGO logo, which are a relatively famous brand on the Internet.

The devices carried malware that, as soon as it was connected, was registered as a keyboard (HID), allowing it to continue to function even after removing the drive from the computer.

It then begins installing additional malware, with the ultimate goal, according to the FBI, of install one of the most popular ransomware strains. And it is not the first time that FIN7 has sent malware to people.

Phishing has evolved to continue to mislead users and make it difficult to detect. We tell you what homoglyph-based phishing is and what you can do to avoid falling into its trap.

BleepingComputer remember that two years ago, The same group posed as Best Buy and shipped similar packages to hotels, restaurants, and retail stores via USPS. Back then, they even called their targets on the phone to persuade them to connect the devices.

HID attacks only work when the target voluntarily connects the flash drive to the target device, and can be avoided by having employees only connect trusted USB devices, which is why they are so easy to prevent.

Reference-computerhoy.com