Stealthy malware targeting air-gapped PCs leaves no trace of infection - Attivo Networks
Attivo Networks Blogs

Stealthy malware targeting air-gapped PCs leaves no trace of infection

Researchers have discovered highly stealthy malware that can infect computers not connected to the Internet and leaves no evidence on the computers it compromises.

USB Thief gets its name because it spreads on USB thumb and hard drives and steals huge volumes of data once it has taken hold. Unlike previously discovered USB-born malware, it uses a series of novel techniques to bind itself to its host drive to ensure it can’t easily be copied and analyzed. It uses a multi-staged encryption scheme that derives its key from the device ID of the USB drive. A chain of loader files also contains a list of file names that are unique to every instance of the malware. Some of the file names are based on the precise file content and the time the file was created. As a result, the malware won’t execute if the files are moved to a drive other than the one chosen by the original developers.

 

Read more>>

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise

RSS

Leave a Comment

Your email address will not be published. Required fields are marked *

14 − four =

Ready to find out what’s lurking in your network?

Scroll to Top