Police warns of malware-laden USB sticks being distributed via mailboxes in Australia
It is not clear whether specific people were targeted by crooks or if the incidents were random.
Police in Australia have warned people to be wary of malware-laced USB sticks being sent out by crooks in their mailboxes. Some people had previously reported to having received "unmarked USB drives in their letterboxes", which reportedly contained malware.
"The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices. Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues," the announcement read, which was specifically meant to warn residents of Melbourne's suburban area of Pakenham.
It is not clear what the contents of the fraudulent media streaming services were, nor is it known whether specific people were targeted or if the incidents were random. Authorities also did not mention the extent of the damage caused to computers after people used the USB sticks.
Gavin Millard, EMEA technical director at Tenable Network Security told IBTimes UK, "This is a new angle to the well known, old school technique of scattering USB drives outside a company's premises, with the aim of a curious employee introducing it onto the network. It should go without saying that any drive or other USB peripheral discovered on the ground, or in a mailbox should never be inserted into a computer, otherwise the user runs the risk of getting all kinds of nasty code installed.
"The approach of distributing malware laden drives was also allegedly attempted by the Russian delegation at the G20 in 2013 to spy on heads of state, which was fortunately thwarted by a suspicious Herman Von Rompuy."
However, it appears that the practise of anonymously delivering corrupt USB sticks is not uncommon, with some people taking to Twitter to report incidences of having received memory sticks in their mail.
Meanwhile, a study conducted by researchers from the University of Illinois found that 48% people are likely to pick up random USB sticks lying about in public places and plugging it in to their computer to investigate its contents. This could pose a threat to their systems and personal information.
Received more mysterious mail: a USB drive in a sealed evidence bag... Now to find a public computer to open it with pic.twitter.com/u1isMIwGbe
— Peter Robards (@PeterRobards) August 30, 2016
Someone put a USB in my mailbox. No note, no nothing, just the USB... So tempted to see whats on it.
— Shaquille Ray 🕷 (@ShaquilleRay) April 30, 2016
Got a strange package in the mail, containing a USB drive, human hair, and a call to action? #truthisallaroundus pic.twitter.com/pWcRlMEZ48
— Kel Lind (@_KLind) September 13, 2016
Who is Ralph Colorado?! I got a USB stick from them in the mail that says happy birthday and I'm legit afraid.
— Jay Boosh (@JayBoosh) August 21, 2016
In 2011, the US Department of Homeland Security conducted a test by dropping USB sticks in parking lots of government buildings. The test uncovered that 60% were likely to plug in the USB sticks into their systems to find out its contents and an alarming 90% were likely to insert and use such devices if they came with an official logo.
In recent times, researchers have come up with new cyber-exploits that can convert a seemingly mundane-looking USB drive into a cyber-weapon capable of infiltrating and stealing sensitive and personal data from users' devices. One such device named USB Kill 2.0 is even available online for just €49.95 (£42).
© Copyright IBTimes 2024. All rights reserved.
