This week, a story emerged on the social news aggregation website Reddit about a new form of malware, one that had been packaged with the USB charger manufactured by an unknown Chinese company and sold by a random lackey on the auction portal eBay.
According to the forum (known as a “subreddit”) r/TalesFromTechSupport, an IT administrator was called up to his boss’s office after the executive complained his desktop had been running slowly and acting strangely over the past week. The tech went through the usual line of questioning, finding out if he’d opened up any dodgy email attachments, visited any sites out of the ordinary, or downloaded files from a source he didn’t recognize beforehand.
After none of these came up with a hit, the tech then asked if the executive had gone through any “major life changes recently”, usually considered the last possible culprit when no other possibilities make sense.
“Finally after all traditional means of infection were covered; IT started looking into other possibilities. They finally asked the Executive, “Have there been any changes in your life recently”? The executive answered “Well yes, I quit smoking two weeks ago and switched to e-cigarettes”.
And there they found their answer. Apparently the exec had purchased his charger from an unknown seller on eBay, who was putting them out at a severely discounted price, likely in a bid to get as many out on the wires as he could before the jig was up.
“The made in China e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system.”
The news comes just a few months after the reveal of a malware known as BadUSB, an absolutely terrifying bit of code which can hide on almost any device that uses a USB cable or dongle to attach itself to your machine, regardless of whether it has onboard memory or not.
As these types of threats become more popular, users will need to start being extra cautious about what devices get plugged in on a daily basis. Everything from keyboards to flash drives is now at risk of being exploited, and as long as there’s a market out there for fresh vectors to work with, hackers will keep paying top dollar for the easiest and stealthiest way in.
Examples like these just show that malware can come from anywhere these days, and almost always from where you least expect it. As more of the obvious holes and points of entry get plugged by security software, hackers are coming up with increasingly inventive ways to get themselves embedded in your machines through whatever means necessary.
While it’s unlikely we’ll see this type of attack take off anywhere in the near future, it’s still interesting to see such an inventive and unique method of approach being used by an independent hacker.
And though you shouldn’t be overly paranoid of the scheme showing up on your antivirus scan anytime soon, it’s never a good idea to plug unrecognized or third-party peripherals into your computer unless you absolutely have to. If something can be charged via the wall socket, opt to go that route instead, and save yourself the headache that comes with quitting smoking and trying to clean up an infected computer both at the same time.