ESET discovers 'unique' self-protecting USB trojan
ESET has detected a piece of undetectable malware. The security firm recently said it has discovered what it now calls Win32/PSW.Stealer.NAI, also known as the USB Thief.
The malware is designed to steal data and is, according to the firm, basically undetectable. It cannot be copied or reverse-engineered, making it extremely difficult to detect or analyze.
However, the vast masses of the internet are pretty safe -- it’s bound to a single USB device, preventing it from leaking from the target systems. ESET’s malware analyst Tomáš Gardoň said it looks as though this malware was designed for "targeted attacks on systems isolated from the internet".
What makes it difficult to discover is that it behaves as a plugin source for portable applications, or just as a library (a DLL) used by the portable application. ESET gives an example: if an app like Firefox portable is executed, the malware is run with it.
"This is not a very common way to trick users, but very dangerous. People should understand the risks associated with USB storage devices obtained from sources that may not be trustworthy", warns Tomáš Gardoň.
Explaining the technical details of the malware on its blog, ESET says this self-protecting multi-stage malware is very powerful, mostly because it leaves no traces of ever being present on a system. "After the USB is removed, nobody can find out that data was stolen", it says, adding that it currently "just" steals files, but could be redesigned to do pretty much anything else.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.