Antivirus firm ESET has discovered a unique Trojan, dubbed USB Thief, that is almost undetectable and is designed to steal information from PCs not connected to the internet. Win32/PSW.Stealer.NAI, or USB Thief, differs greatly from traditional malware programs and has a unique way of spreading via USB storage devices.
What makes this Trojan really dangerous is that it leaves no evidence of the theft on the compromised computer. Its makers have employed a unique mechanism to protect the malware from being reproduced or copied, thus making it harder to detect and analyze.
USB Thief is created for targeted attacks
USB Thief uses intelligent encryption and deceives by not following the traditional encryption methods that malware programs use. Its special encryption ensures that it does not spread en masse outside its target environment.
While common logic says that malware that spreads quickly is very dangerous, such programs also attract immediate attention from security researchers, who ensure that fixes and updates are released immediately. However, with USB Thief adopting an offline attack strategy by targeting only air-gapped systems, it is almost a certainty that it won’t be detected.
The malware tricks users easily
As per surveys, people don’t exercise much caution before plugging USB storage into their PCs.
This malware can easily trick such users as it employs an uncommon way to spread. USB devices are commonly used to store and transfer portable applications like Firefox portable, Notepad++ portable, TrueCrypt portable and so on. The Trojan file of USB Thief can reside as a plugin source of a portable application or in a DLL file used by the portable application. Hence, whenever such an application is executed, the malware is executed too.
How to protect against USB Thief
While USB Thief looks deadly, it is possible to prevent its spread by disabling USB ports as far as possible. Exercising caution when inserting USB drives from untrusted sources into PCs is also recommended, says ESET.