Hackers using malware to steal data from USB flash drives

Cybercriminals are perpetually uncovering caller ways to bargain your data. As radical go much alert of communal threats similar phishing links, fake websites, fraudulent emails and impersonation scams, attackers are becoming much originative successful their approach.

One of the newer methods they are utilizing involves targeting USB flash drives. It whitethorn look astonishing that they would absorption connected thing arsenic elemental arsenic a flash drive, but the information it holds tin beryllium valuable. 

Plus, flash drives tin beryllium utilized to dispersed malware to different devices.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

A idiosyncratic plugging successful a USB flash thrust to a laptop (Kurt "CyberGuy" Knutsson)

Why people USB flash drives?

USB drives are ubiquitous successful workplaces, particularly successful environments with air-gapped systems oregon restricted net access, specified arsenic those successful authorities and vigor sectors. This makes them an casual people for information theft and malware propagation. Often, these drives store delicate files that are not disposable connected networked systems. 

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

When infected, USB drives tin spread malware not conscionable wrong a azygous enactment but besides crossed aggregate entities if shared. These attacks don’t trust connected web vulnerabilities, allowing them to bypass accepted information tools. 

USB Flash thrust plugged into a laptop  (Kurt "CyberGuy" Knutsson)

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH 

How hackers are targeting your USB drives

As reported by Kaspersky's Securelist, a cybersecurity probe platform, hackers are utilizing USB drives to dispersed malware successful ways that tin easy bypass accepted information systems. One group, known arsenic GOFFEE, kicks disconnected its attacks with targeted phishing emails. These emails often transportation infected RAR files oregon Office documents with harmful macros. Once opened, they instal sneaky programs similar PowerModul and PowerTaskel connected the victim’s system.

These tools don’t conscionable beryllium around. They laic the groundwork for much attacks. PowerModul, successful particular, plays a large role. It’s a PowerShell publication introduced successful 2024 that talks to a command-and-control (C2) server. From there, it tin download and tally different tools, including 2 particularly unsafe ones, FlashFileGrabber and USB Worm.

FlashFileGrabber is made to bargain information from USB drives. It tin either prevention stolen files locally oregon nonstop them backmost to the hacker's server. Then there’s USB Worm, which infects immoderate USB thrust it finds with PowerModul, turning that thrust into a instrumentality for spreading malware to different systems.

What makes this method effectual is that USB drives are often shared betwixt radical and offices. That carnal question allows the malware to dispersed adjacent without an net connection. The malware hides archetypal files connected the USB and replaces them with malicious scripts disguised arsenic normal-looking shortcuts. When idiosyncratic clicks 1 of these, they unknowingly trigger the infection.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Illustration of a hacker astatine work  (Kurt "CyberGuy" Knutsson)

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

4 applicable ways to enactment harmless from USB-targeted attacks

1. Don’t plug successful chartless USB drives: It mightiness dependable obvious, but this is 1 of the astir communal ways malware spreads. If you find a USB thrust lying astir oregon idiosyncratic gives you 1 you weren’t expecting, debar plugging it into your system. Attackers often trust connected quality curiosity to get the malware onto your machine.

2. Be other cautious with email attachments: GOFFEE’s campaigns often statesman with phishing emails carrying malicious RAR files oregon Office documents with macros. Always double-check the sender’s code and ne'er unfastened unexpected attachments, particularly if they inquire you to "enable macros" oregon travel from chartless contacts. When successful doubt, corroborate done a antithetic channel.

3. Avoid clicking connected suspicious links and usage beardown antivirus software: Many attacks similar GOFFEE’s commencement with emails that look morganatic but incorporate malicious links. These links mightiness pb you to fake login pages oregon silently download malware that sets the signifier for USB-targeting tools similar PowerModul.

The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe. Get my picks for the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices.

4. Scan USB drives earlier use: The USB Worm infects USB drives by hiding archetypal files and planting malicious scripts disguised arsenic shortcuts, which trigger PowerModul erstwhile clicked. FlashFileGrabber besides steals files silently from USBs, often going unnoticed. Always scan USB drives with updated antivirus bundle earlier opening immoderate files. Use a reputable information instrumentality to cheque for hidden scripts, antithetic shortcuts oregon unexpected executables. If files look renamed oregon hidden, don’t click them until verified safe. 

DATA REMOVAL DOES WHAT VPNS DON’T: HERE’S WHY YOU NEED BOTH 

Kurt’s cardinal takeaway

Cybercriminals thrive wherever convenience meets oversight. However, it’s worthy considering wherefore USBs stay specified a brushed target. They’re not conscionable retention but a taste artifact of workplaces, particularly successful high-stakes sectors similar vigor oregon government, wherever offline information transportation feels safer than the cloud. But that spot is simply a unsighted spot. Attackers similar GOFFEE don’t request zero days due to the fact that they tin exploit quality habits specified arsenic sharing drives, skipping scans and clicking without thinking.

How often bash you plug successful a USB thrust without scanning it first? Let america cognize by penning america at Cyberguy.com/Contact

CLICK HERE TO GET THE FOX NEWS APP

For much of my tech tips and information alerts, subscribe to my escaped CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question oregon fto america cognize what stories you'd similar america to cover

Follow Kurt connected his societal channels

• Facebook
• YouTube
• Instagram

Answers to the astir asked CyberGuy questions:

• What is the champion mode to support your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the champion mode to enactment private, unafraid and anonymous portion browsing the web?
• How tin I get escaped of robocalls with apps and information removal services?
• How bash I region my backstage information from the internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy’s Exclusive Coupons and Deals

Copyright 2025 CyberGuy.com.  All rights reserved.