A unique data-stealing trojan has been spotted on USB devices in the wild – and it is different from typical data-stealing malware. Each instance of this trojan relies on the particular USB device on which it is installed and it leaves no evidence on the compromised system. Moreover, it uses a very special mechanism to protect itself from being reproduced or copied, which makes it even harder to detect.
In this article we will examine the technical details of this interesting malware.
Where other malware uses ‘good old-fashioned approaches’ like Autorun files or crafted shortcuts to get users to run it, USB Thief also uses another technique. This method depends on the increasingly common practice of storing portable versions of popular applications such as Firefox, Notepad++ and TrueCrypt on USB drives.