Tuesday, March 29, 2016

Hackers are using a Trojan named “USB Thief” to steal data

Security researchers at the security company ESET have found a new Trojan. It is a USB-based Trojan that hackers are now widely using to steal users' sensitive data. It is an insidious data stealer that relies on USB devices to spread itself.

How does it work?

This Trojan is not easily detectable. Its developers used a special multi-staged encryption process, which can protect it from antivirus tools. “USB-thief” is also capable of infecting air-gapped systems (that is, systems which are protected by a network firewall or other security equipment). From this you can guess how dangerous this Trojan is. It is a specially designed Trojan, which could save itself inside the USB device with the file name “Win32/PSW Stealer.NAI”. When a user attaches the infected USB device to their system, the Trojan automatically runs and starts tracing all the activities the user performs on the computer.

Thomas Gardon is a malware analyst at ESET. According to him, this is a new type of malware which he has noticed recently. It is a hard-coded Trojan that uses different methods to steal information compared with all other Trojans. Its developers coded it intelligently: it does not leave any type of evidence behind on the hacked system. The Trojan uses only USB devices to do its work and does not copy any type of file to the victim's computer system.

How does “USB-thief” store itself?

It can store itself as a .DLL file. Dynamic Link Library (DLL) files are used by applications as their plugins. These files work as a driver for the applications. In the case of mobile devices, the Trojan can modify itself and store itself among the program files of commonly used mobile applications such as Notepad++, TrueCrypt and Firefox. When the user launches one of these applications, the Trojan automatically starts in the background.

How can this Trojan be traced?

According to ESET's malware analysts, it is very difficult to trace this Trojan. Even the best tools are unable to detect it. The reason is that the Trojan resides only on the USB device and does no work outside it. This is a smart Trojan and does not leave any evidence behind. People should avoid using USB devices that have been attached to untrustworthy third-party computer systems and sources. This is the only way to protect your system from this dangerous Trojan.

Security Tips for Users to Avoid this Trojan

  • Organise cyber security programs to make your employees aware. The more knowledge they have, the more secure their systems will be.
  • Disable the USB ports that are not in use. Hackers can use these ports to spread malware into your systems.
  • Do not attach USB devices that have been attached to public systems, for example the computer systems of a cyber café.
  • Make some special rule sets in your systems to avoid malicious entries.
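
Because the article describes the Trojan storing itself as a DLL among an application's program files on the USB device, one defensive check is to record the hashes of those files while the drive is trusted and compare them after it has been plugged in elsewhere. The sketch below is an added example, not ESET's tooling or code from the original post; it flags added or altered binaries and does not identify the Trojan itself. The folder name, file names and the watched extensions are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

WATCHED = {".dll", ".exe"}  # assumption: the file types worth tracking


def snapshot(app_dir):
    """Map relative path -> SHA-256 for every DLL/EXE under app_dir."""
    root = Path(app_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }


def compare(baseline, current):
    """Report binaries added, changed or removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(k for k in set(baseline) & set(current)
                          if baseline[k] != current[k]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed sample: a fake portable-app folder, before and after."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "PortableApp"          # hypothetical folder name
        (app / "plugins").mkdir(parents=True)
        (app / "app.exe").write_bytes(b"constructed exe")
        (app / "plugins" / "known.dll").write_bytes(b"constructed plugin v1")
        baseline = snapshot(app)                 # taken while the drive is trusted

        # Simulate the drive coming back from an untrusted machine.
        (app / "plugins" / "extra.dll").write_bytes(b"constructed unknown file")
        (app / "plugins" / "known.dll").write_bytes(b"constructed plugin v2")
        return compare(baseline, snapshot(app))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Keep the baseline on a trusted machine rather than on the USB drive, since anything able to write to the drive could rewrite a manifest stored there as well.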