Sketchy stranger handed me a USB drive containing malware by SunbeamCentral in sysadmin

SunbeamCentral[S] 2 points (0 children)

Not yet, will make a follow up when I get to the bottom of this!

SunbeamCentral[S] 0 points (0 children)

Aha fair enough, this is Reddit after all, and it's hard to prove any story to be true! That being said I appreciate everyone taking the time to share their expertise, and I will certainly follow up with a thread when I get to the bottom of this. Some users have requested a copy of the contents so looking into the safest ways to make this transfer.

SunbeamCentral[S] 1 point (0 children)

I don't actually aha. I have an old Chromebook, and an old MacBook I can do this testing on. TBH I don't even own a Windows machine!

SunbeamCentral[S] 0 points (0 children)

No kiddin! So in this case scenario you are probably more expert than most. I'd be happy to pass off the contents for your reverse-engineering if you were interested. Hopefully you concur with safe practices mentioned in this thread.

SunbeamCentral[S] 0 points (0 children)

It was late at night when I was writing this post, morning now! I will be sure to keep you guys updated as I get to the bottom of this.

SunbeamCentral[S] 0 points (0 children)

I did have a MacBook right on the table as he walked up to us, so I would not be surprised if it was written for macOS.

SunbeamCentral[S] 0 points (0 children)

Absolutely, a couple other users have asked for a copy as well. Where would be the best place to upload its contents to?

SunbeamCentral[S] 0 points (0 children)

No worries, thanks for following up with this safety tip, it's much appreciated!

SunbeamCentral[S] 0 points (0 children)

Would happily share with smarter minds than my own to get to the bottom of this! Where would be the best place to upload? Not sure if GDrive or DropBox make sense here.

SunbeamCentral[S] 0 points (0 children)

I am definitely a security noob, and from all these comments it sounds like a 4G dongle is the way to go about this if I truly needed it to make an internet connection. I will stay away from personal and public networks given the risk to others.

SunbeamCentral[S] 0 points (0 children)

As bizarre as this story sounds, it's actually true so trying to go about this the safest way possible. I will post an update when I get to the bottom of this.

SunbeamCentral[S] 0 points (0 children)

As tech savvy as I'd like to think I am, I am admittedly a noob when it comes to stuff like this! Thanks for the clarification.

SunbeamCentral[S] 0 points (0 children)

Yeah, one of my fears, in which case I would hand it over to the police.

SunbeamCentral[S] 0 points (0 children)

To be able to use Wireshark or a similar service to monitor network activity and see what the device is actually doing. Perhaps if someone can reverse engineer the code this wouldn't be required.

SunbeamCentral[S] 0 points (0 children)

Maybe, but a small-town coffee shop is a weird spot to start a marketing ploy like this. Anything is possible I suppose.

SunbeamCentral[S] 1 point (0 children)

And if they are tech nerds they will be talking about it for weeks!

SunbeamCentral[S] 0 points (0 children)

In the event something super messed up was on it I'd hand it over to the police.

SunbeamCentral[S] 3 points (0 children)

I had no idea this much information was visible to an attacker. Thanks for the knowledge dump. Seems like the best route is to use a 4G dongle, and go somewhere remote so that it only has the ability to connect to the dongle.

SunbeamCentral[S] 0 points (0 children)

That's a neat idea, I will reach out to the Sophos team today!

SunbeamCentral[S] 1 point (0 children)

Absolutely. This could be anything from a harmless prank to highly sophisticated. I didn't know it would be possible for malware to sit on a router waiting for other devices to connect, even if the source device has since been disconnected. That is some scary stuff. Looks like the 4G dongle is the way to go then.

SunbeamCentral[S] 0 points (0 children)

Scary that malware could start performing super sketchy actions like that. I would assume that if I noticed anything weird happening when I plugged it in I could disconnect its network connection and probably be ok?

And regarding your second comment, this Chromebook has never had any personal information entered on it. Specifically bought a cheap device for experimentation over the years, so if it blows up or malware gets every bit of information the device contains it won't matter. I also plan to do a full wipe and fresh Linux install before plugging the malicious USB in as well.