Be Careful If You Get a Strange USB Drive in the Mail – It Might Be a Virus
Credit: ShutterstockToggle Dark Mode
Cybercriminals have found a novel way to install malicious software on your computer. Instead of using online tools, they’re sending USB drives directly to victims in the mail throughout the United States.
According to the FBI, a cybercrime group is mailing out physical USB drives hoping that the potential victims connect them to their computers.
The cybercriminals used the United States Postal Service and United Parcel Service to send all the USB drives. But they didn’t send just drives. They also made sure to impersonate the U.S. Department of Health and Human Services. The messages claimed that the USB drives contained a COVID-19 warning. Other mailed USBs claimed that they were from Amazon and that they had an Amazon gift card inside.
This is nothing new since cyber attackers have often used phishing to impersonate big companies and organizations to make you trust them
According to the report, these USB drives contain malware known as BadUSB attacks. This malicious software lets the cybercriminal control the computer with the USB drive to do things like create new commands on the computer, install different types of malicious software, or redirect traffic.
Unfortunately, this isn’t the first time this happened. Back in 2020, there was another attack with a similar process, and cybercriminals sent out a bunch of USB drives in the mail.
That time, the mail claimed that it was a gift card from Best Buy, but in reality, it was also a BadUSB malware that was used to install malware and exploit other vulnerabilities in many organizations’ PCs. They also were used to deploy many ransomware strains like BlackBatter and REvil.
Needless to say, you need to be careful of what you get in the mail and what you plug into your computer. Even if the package is addressed to you, you should avoid at all costs plugging one into your computer.
If the USB drive comes from a company or a person you’re familiar with—and you trust– try contacting them to make sure they actually sent you the USB drive. Even then, if it isn’t actually anything important, you should try to avoid using the USB drive in your computer to prevent any possible cyber attacks.
