Police in Australia have warned people to be wary of malware-laced USB sticks being sent out by crooks in their mailboxes. Some people had previously reported to having received "unmarked USB drives in their letterboxes", which reportedly contained malware.
"The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices. Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues," the announcement read, which was specifically meant to warn residents of Melbourne's suburban area of Pakenham.
It is not clear what the contents of the fraudulent media streaming services were, nor is it known whether specific people were targeted or if the incidents were random. Authorities also did not mention the extent of the damage caused to computers after people used the USB sticks.
Gavin Millard, EMEA technical director at Tenable Network Security told IBTimes UK, "This is a new angle to the well known, old school technique of scattering USB drives outside a company's premises, with the aim of a curious employee introducing it onto the network. It should go without saying that any drive or other USB peripheral discovered on the ground, or in a mailbox should never be inserted into a computer, otherwise the user runs the risk of getting all kinds of nasty code installed.
"The approach of distributing malware laden drives was also allegedly attempted by the Russian delegation at the G20 in 2013 to spy on heads of state, which was fortunately thwarted by a suspicious Herman Von Rompuy."
However, it appears that the practise of anonymously delivering corrupt USB sticks is not uncommon, with some people taking to Twitter to report incidences of having received memory sticks in their mail.
Meanwhile, a study conducted by researchers from the University of Illinois found that 48% people are likely to pick up random USB sticks lying about in public places and plugging it in to their computer to investigate its contents. This could pose a threat to their systems and personal information.
In 2011, the US Department of Homeland Security conducted a test by dropping USB sticks in parking lots of government buildings. The test uncovered that 60% were likely to plug in the USB sticks into their systems to find out its contents and an alarming 90% were likely to insert and use such devices if they came with an official logo.
In recent times, researchers have come up with new cyber-exploits that can convert a seemingly mundane-looking USB drive into a cyber-weapon capable of infiltrating and stealing sensitive and personal data from users' devices. One such device named USB Kill 2.0 is even available online for just €49.95 (£42).