IBM has issued a warning to users about an unspecified number of USB sticks shipped with Storwize flash that contain malware. Security researchers at Trend Micro tied the malware strain to one that was found being distributed via North Korea's official news website KCNA. IBM suggests that users destroy the USB sticks to ensure that they are not reused.
The malware appears to be dormant as it does not execute itself without manual input. IBM explained that the USB sticks come with an initialising tool which was infected with the malware, which experts say is capable of spying on users.
IBM said neither the firm's Storwize storage systems nor the data stored on the infected USB sticks are affected by the malware. The malware, which comes with cyberespionage features, copies itself onto a user's computer. Lenovo, which also issued a warning, urging users to destroy the USB sticks, clarified that despite the malware having the ability to copy itself onto a victim's computer, it does not get executed unless the user "manually" executes it.
Reports suggest that the malware goes by different names. According to Kaspersky, the trojan is designed to spy on victims. The malware which functions as a dropper also has keylogger capabilities and can take screenshots.
IBM recommended that users "verify your antivirus software has already removed the infected file or alternatively remove the directory containing the identified malicious file in the manner described below".
Both IBM and Lenovo also recommended users update their antivirus software.
It remains unclear as to how many infected USB sticks were shipped and whether they successfully infected any users.