Here is something we haven’t heard of in a while – using USB thumb drives to spread malware.
To be clear, cybercriminals aren’t taking a page out of Darleen’s playbook in Mr Robot and dumping infected thumb drives on the ground, rather malware is able to spread to thumb drives where it can be spread by unsuspecting victims.
This advanced persistent threat campaign has been dubbed LuminousMoth by the researchers at Kaspersky’s Global Research and Analysis Team (GReAT) who discovered it.
Initially seen in Myanmar, attackers begin the campaign with a spear-phishing emailing. The email contains a download link to what appears to be a Dropbox file but in fact it’s malware. When the link is clicked a RAR archive disguised as a Word document is downloaded and this contains the malicious payload.
“Once downloaded on a system, the malware attempts to infect other hosts by spreading through removable USB drives. If a drive is found, the malware creates hidden directories on the drive, where it then moves all of the victim’s files, along with the malicious executables,” says Mark Lechtik, senior researcher at GReAT.
“We were able to identify a large number of targets infected by LuminousMoth, almost all of which are from the Philippines and Myanmar. We came across approximately 100 victims in Myanmar, whereas in the Philippines the number was much higher, counting nearly 1,400 victims. It seems however that the actual targets were only a subset of these that included high-profile organizations, namely government entities located both within those countries and abroad,” the researcher adds.
Kaspersky’s team believes that the malware has ties to Chinese threat group, HoneyMyte given the overlaps in the resources used in LuminousMoth.
While the campaign may not have spread to more regions just yet it’s probably best to exercise caution when plugging in USB thumb drives you don’t trust.
[Image – CC 0 Pixabay]