Hackers sending malware infected USBs with Best Buy Gift Cards

Hackers sending malware infected USBs with Best Buy Gift Cards

The infamous FIN7 hacking group is behind this campaign.


The IT security researchers at Trustwave SpiderLabs have identified a new and tricky attack campaign utilizing especially designed USB dongle that acts as a keyboard. In their research, the Trustwave shared details of one of its clients in the US who received malicious USB dongle shipped to their company as a gift card from Best Buy. 


The incident has received so much attention that the FBI had to issue a warning stating that this is the work of cybercrime syndicate known as Fin7, and it is specifically targeting businesses by sending them infected USB devices.


See: Employee infects US govt network with malware after visiting 9,000 porn sites


The attack work in such a way that once these devices are plugged into the PC it downloads and runs a JavaScript backdoor. This technique is usually associated with security researchers for training purposes and it is perhaps the first time that hackers have attempted to use it on a large scale.

According to Trustwave SpiderLabs’ vice president Ziv Mador, the company was notified about this campaign from one of their team members’ business associate, and that a US-based hospitality sector firm received the malicious USB dongle in February.


The USB drive was intelligently packaged by the attackers as the company that received the Best Buy $50 gift card with the drive revealed that the packa ..