Skip to main content

Malware alert — don’t plug in that USB stick you found on the street

USB drop attack demo - Blackhat USA 2016
Be careful, that “found” USB drive may hold malware that’s just waiting for you to plug it in. Maybe you consider a found USB stick a chance to do a good deed by returning it to its owner — if you can discover who the owner is. Or maybe you’re curious and just want to see what’s on the removable storage drive. Whatever your reason for picking it up and plugging it in, that “lost” USB stick may be bait waiting for someone to hurt, according to Tom’s Hardware.

Google anti-abuse team researcher Elie Bursztein tested the effectiveness of using “lost” USB memory  to spread malware on a college campus. In Bursztein’s study, almost all of the USB sticks (97 percent) were picked up and almost half (45 percent) were plugged into computers where someone clicked on the stored files. In further testing, Bursztein found that USB sticks with labels such as “Exams” or “Confidential” were more likely to be opened than unlabeled drives while sticks with return addresses were less likely to be opened.

The threats from USB drives can come in several forms. HTML files or executable files stored on the drive could activate malware to infect the system in the background while running innocuous programs in the foreground. Users could be sent to a phishing site that would attempt to steal personal information. Alternately, activated code could search the computer’s files for personal credentials and then attempt to send them back to the hacker or to the cloud for later retrieval.

USB devices that resemble memory sticks but are really keyboard spoofers could be programmed to allow remote access and signal a hacker that the computer is open and ready for whatever the hacker intends.

It’s also possible to use USB sticks to mount zero-day attacks that exploit known software vulnerabilities either before vendors patch the hole or before users download updates. According to Bursztein, zero-day threats are less likely to be spread with randomly “lost” USB sticks due to the cost and complexity of altering firmware. You are more likely to be hit with malicious files or to pick up a keyboard-spoofer.

In any case, the best advice is to resist the temptation to pop a “found” USB stick into your computer just to see what’s on it. Bursztein demonstrated how a USB drop attack could work at Black Hat USA 2016.

Editors' Recommendations

Bruce Brown
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
Google’s AI Overviews are already off the rails
AI Overviews being shown in Google Search.

Google AI Overviews were announced a couple weeks ago at Google I/O, and they've already proven to be rather controversial. The aim to provide high-quality answers to your questions summarized from the web, but a recent X (formerly Twitter) thread suggests that it might not be pulling from the most accurate sources.

When prompting Google for an answer to the issue of "cheese not sticking to pizza," the AI Overview reportedly claims that adding nontoxic glue to your pizza to prevent the cheese from sliding off. The exact words the AI overview gave are as follows: "You can also add about 1/8 cup of non-toxic glue to the sauce to give it more tackiness." Where did the Google AI overview get the info as a source? It got it from an 11-year-old Reddit comment from this thread, in what was clearly a joke.

Read more
MacBooks may get very strange (and exciting) in 2026
Foldable Macbook concept image created by LunaDisplay.

Apple's first all-screen foldable MacBook has been rumored for many years, and it's finally getting closer. Reports from analyst Ming-Chi Kuo suggest Apple plans to release its first foldable as early as 2026.

According to Kuo, Apple is considering both 20.25-inch and 18.8-inch panels that, when folded, would equate to a 14- to 15-inch MacBook and a 13- to 14-inch MacBook. Previous reports estimated a 2027 release for these all-screen MacBooks, but Kuo's latest information suggests we could see them as early the first half of 2026. And now that Apple has introduced its M4 chip, it's little surprise that these future devices are expected to run on M5 series processors.

Read more
The 10 best monitors for 2024: tested and reviewed
A person using the Dell UltraSharp 40 U4025QW 40-inch curved Thunderbolt hub monitor with a Dell laptop on a desk.

For those seeking a superior computer setup, a cutting-edge monitor is non-negotiable. Whether you're entrenched in graphic design, a dedicated gamer, or a remote professional, the right display has the power to transform your computing experience. With a myriad of options available, ranging from various resolutions and panel types to refresh rates and specialized features, navigating the world of monitors can be overwhelming.

Investing in a good PC monitor can enhance your computing experience in several ways:

Read more