Although the feeling of receiving a gift is very good, you get carried away. If you happen to receive a mail called BESTBUY and with a USB drive in it, please don’t connect this USB drive to your computer or other devices. Why? This is because the best buy gift card on USB drive has been proved to be a malicious attack.
Nowadays, there are a lot of people reporting the same issue – they receive a letter from Best Buy and a USB flash drive is included. That is to say, a USB thumb drive is sent to many people for free with a Best Buy gift card in an envelope. I have to warn you that please don’t rejoice just yet since that USB drive is full of malware!
Please choose suitable MiniTool software to protect your system & data.
Don’t Trust the Best Buy USB Drive
According to a report from Trustwave (a cyber-security firm), unknown attackers have sent the Best Buy USB drive as well as a Best Buy gift card to people by disguising as the Best Buy officials; the USB flash drive was found to be filled with malware after tests. Obviously, the purpose of giving such thumb drive free is to lure people to connect it to their computer so as to attack the system & steal data.
Please take a look at the malware prevention policy!
The USB pen drive is declaimed as part of the gift card (worth $50) from Best Buy; the attackers mailed it with a letter in February to thanks people for being a long-time customer. The exact content of the letter is:
February 12, 2020
Dear *,
Best Buy company thanks you for being our regular customer for a long period of time, so we would like to send you a gift card in the amount of $50. You can spend it on any product from the list of items presented on a USB stick.
Thank you again for choosing us!
Sincerely,
Jonas Nills
Customer Relations
By the way, do you want to know how to recover files after virus attack?
How Did the USB Stick Attack Your System
If you do as the attackers ask you to do – connect the USB stick to your device to access the items list, you’ve fallen into their trap. According to Trustwave, this is a BadUSB attack; it can hijack a Windows system easily by delivering malicious code.
The Best Buy USB drive (which comes with the Best Buy gift card) has been programed to emulate a USB-connected keyboard to gain the trust of the computer. Your PC will trust keyboard USB devices by default; once you connect this USB drive to PC, it can inject malicious commands automatically.
The USB stick is called a BadUSB by security experts since it can function as a keyboard after being connected to PC and it’s able to launch several automated attacks by emulating keypresses to launch PowerShell. Then, the malware will be installed and JScript bot will be unpacked to execute additional malware.
[Guide] How To Perform USB Stick Recovery On Your PC?
Who Started the BadUSB Attack
It is said that a cybercriminal gang named “FIN7 APT” started the social engineering attack by mailing the letters, USB drive, and gift card to several businesses. Their main targets are employees in IT, human resources, and executive management departments.
Though Trustwave can’t tell the name of the target company due to confidentiality reasons, some victims realized that it is an attempted hack, so they refuse to connect the USB drive and ask it to investigate the incident.
Later, a file was uploaded on VirusTotal – a file scanning engine based on web; it is similar to the malware Trustwave has analyzed earlier. According to the subsequent analysis from Facebook and Kaspersky researchers, the uploaded file is actually the work of the FIN7 cyber gang. But till now, there’s still no clear answer of who upload this file.
In fact, the BadUSB attack was firstly appeared at the start of the 2010s. For years, it has been a theoretical attack scenario to warn employees. The FBI spokesperson said that anyone or company who have received the Best Buy USB drive should report the incident to the local FBI office in order to promote further investigations.
User Comments :