The Taiwanese investigation office handed out malicious pendrives - the story has a Polish thread

At the end of last year, the Taiwanese investigating office organized a quiz to test knowledge of cyber security. The prize for the participants turned out to be ... virus-infected pendrives. The malicious software implanted on the devices was meant to steal users' confidential data and transfer it to Polish servers, from which it was passed on to unknown cybercriminal servers.

The malicious software, called XtbSeDuA.exe, was present on every fifth of the 250 eight-gigabyte flash drives distributed among the winners of the cyber security quiz. Distribution of the prizes was suspended when the winners informed the organizer of the competition - the National Bureau of Investigation (CBI) - about suspicious content on the devices that had been detected by antivirus programs.

How did the drives get infected?

The investigation found that the infection was introduced at a workstation belonging to a local contractor of the National Bureau of Investigation. The infection occurred while the devices' capacity was being tested, which involved copying the operating system's memory to a USB drive.

The modified pendrives stole confidential user data, which was then transmitted to Polish servers; from there, the information was passed on to unidentified cybercriminal servers. Espionage by the Chinese government was ruled out as the cause of the attack. It was confirmed that the virus implanted on the pendrives had been used by cybercriminals whom Europol has been pursuing since 2015.

As ESET experts point out, large and well-known organizations have also slipped up by distributing infected flash drives in the past. In 2008, an Australian telecommunications company distributed infected USB drives during a security conference. Two years later, IBM did exactly the same.

Large corporations should have specific safety procedures developed, which can significantly reduce the risk of such mishaps. However, caution is required not only of companies, but also of users. On the other hand, this example showed how low a level of cybersecurity knowledge prevails among computer users. An effective element of protection against hidden threats on pendrives is the use of an anti-virus application which, each time a USB device is connected to the computer, checks whether it contains content dangerous to the user - explains Kamil Sadkowski, an ESET threat analyst.

This thesis is confirmed by the results of an experiment conducted in 2016 by Google with scientists from the University of Illinois and Michigan, in which 300 flash drives were left at various places on the campus. Half of them were used without fear by students unaware of the threat.


