Īoqin Dragon has used a dropper that employs a worm infection strategy using a removable device to breach a secure network environment. When the device is inserted into another system, it opens autorun.inf and loads the malware. If malware that is compatible with the connected system is on the mobile device, the malware could infect the machine (especially if Autorun features are enabled).Īgent.btz drops itself onto removable media devices and creates an autorun.inf file with an instruction to run that file. For example, when a smartphone is connected to a system, it may appear to be mounted similar to a USB-connected disk drive. This infection may be achieved using devices (Android, iOS, etc.) and, in some instances, USB charging cables. Mobile devices may also be used to infect PCs with malware if connected via USB. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes.
0 kommentar(er)
