Malware alert — don’t plug in that USB stick you found on the street

Be careful, that “found” USB drive may hold malware that’s just waiting for you to plug it in. Maybe you consider a found USB stick a chance to do a good deed by returning it to its owner — if you can discover who the owner is. Or maybe you’re curious and just want to see what’s on the removable storage drive. Whatever your reason for picking it up and plugging it in, that “lost” USB stick may be bait waiting for someone to hurt, according to Tom’s Hardware.

Google anti-abuse team researcher Elie Bursztein tested the effectiveness of using “lost” USB memory  to spread malware on a college campus. In Bursztein’s study, almost all of the USB sticks (97 percent) were picked up and almost half (45 percent) were plugged into computers where someone clicked on the stored files. In further testing, Bursztein found that USB sticks with labels such as “Exams” or “Confidential” were more likely to be opened than unlabeled drives while sticks with return addresses were less likely to be opened.

The threats from USB drives can come in several forms. HTML files or executable files stored on the drive could activate malware to infect the system in the background while running innocuous programs in the foreground. Users could be sent to a phishing site that would attempt to steal personal information. Alternately, activated code could search the computer’s files for personal credentials and then attempt to send them back to the hacker or to the cloud for later retrieval.

USB devices that resemble memory sticks but are really keyboard spoofers could be programmed to allow remote access and signal a hacker that the computer is open and ready for whatever the hacker intends.

It’s also possible to use USB sticks to mount zero-day attacks that exploit known software vulnerabilities either before vendors patch the hole or before users download updates. According to Bursztein, zero-day threats are less likely to be spread with randomly “lost” USB sticks due to the cost and complexity of altering firmware. You are more likely to be hit with malicious files or to pick up a keyboard-spoofer.

In any case, the best advice is to resist the temptation to pop a “found” USB stick into your computer just to see what’s on it. Bursztein demonstrated how a USB drop attack could work at Black Hat USA 2016.

Product Review

The Division 2 brings the most fun we've ever had to Washington, D.C.

After 55 hours with The Division 2, it’s clear that Ubisoft has improved on the original in almost every way. The world is richly detailed, the story missions are wonderful, gunplay and enemy design are great, and the endgame content is…
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Mobile

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.
Computing

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.
Mobile

Want to watch Netflix in bed or browse the web? We have a tablet for everyone

There’s so much choice when shopping for a new tablet that it can be hard to pick the right one. From iPads to Android, these are our picks for the best tablets you can buy right now whatever your budget.
Computing

Man pleads guilty to scamming Facebook and Google out of more than $100M

One of the men behind an elaborate fraud that saw Facebook and Google each hand over tens of millions of dollars has admitted to his part in the scheme. Lithuanian Evaldas Rimasauskas faces up to 30 years in a U.S. jail.
Product Review

HP’s gem-cut Spectre x360 15 is the most powerful 2-in-1 you can buy

HP’s 2019 Spectre x360 15 brings this massive 2-in-1 up to speed, literally. It now equips the same six-core Intel CPU as the rest of the 15-inch field, along with a real GPU for some 1080p gaming.
Computing

Ditch the background from your photos with these handy editing tools

Need to know how to remove the background from an image? Whether you prefer to use a premium program like Photoshop or one of the many web-based alternatives currently in existence, we'll show you how.
Computing

Yes, you can use Android apps on your Chromebook. Here's how

You can now get Android apps on your Chromebook! Google has enabled the Google Play Store app support on its Chrome OS and Chromebook hardware, so to get you started, here's our guide on how to get Android apps on a Chromebook.
Computing

Zipping files on a Chromebook? Follow these four easy steps

Chromebooks support file compression, though they work a little differently than on Windows or Mac. Here's the step-by-step process to zipping files on a Chromebook, and then unzipping them again for extraction.
Computing

Tired of all that white? Here's how to change the Google background image

Did you know that you can change how your Google search home page looks? It's a simple process to pick a new theme: We'll show you how to change your Google background, what to look for in themes, and how to download your own pictures for a…
Deals

These big, beautiful BenQ gaming monitors are on sale on Amazon right now

All gamers know that a good monitor is just as important as PC hardware to fully enjoy what today's games have to offer. BenQ makes some of the best (including some of our favorites), and three top-rated BenQ gaming monitors are on sale on…
Deals

The best Raspberry Pi 3 kits for coders, gamers, and DIY projects

The Raspberry Pi 3 is a low-budget computing platform capable of doing just about anything. We rounded up a handful of the best Raspberry Pi 3 bundles to get you started on a variety of DIY projects.
Computing

Need a portable workstation? One of these two 15-inch laptop might do the trick

HP's Spectre x360 15 is the most powerful 2-in-1 around, but it faces stiff large-laptop competition. Can it beat out powerful clamshells like well-built Apple MacBook Pro 15?