As for the malware inside these USB drives, the program is known aptly as “BadUSB” and it is designed to exploit the USB standard’s versatility and allow attackers to reprogram the component to emulate a keyboard that create keystrokes on a computer, install malware just before a system’s OS boots, or to spoof a network card and redirect the flow of network traffic.
The good news is that, according to the FBI, BadUSB attacks aren’t as common as others. On a somewhat related note, this attack is similar to an attack conducted by a group known as FIN7; supposedly, the group had sent out several BadUSB drives to targets on a list. The group then said that it was from BestBuy and that it required the recipients to stick said thumb drives into their PC, in order to view products that could then be redeemed by the attached gift card. At the time of writing, it doesn’t look like the trend has reached our shores. Having said that, we believe it goes without saying that, should you ever receive any sort of USB thumb drive in the mail, without any indication as to what it contains or whom it came from, you shouldn’t stick it into your PC. (Source: ZDNet)
