View Single Post
  #3   (View Single Post)  
Old 31st December 2019
Beastie Beastie is offline
Daemonology student
Join Date: Jan 2009
Location: /dev/earth0
Posts: 334

Yep, there are hardware keyloggers, rubber duckies (not the yellow bath toy kind), etc. If you're really paranoid, no device can be trusted.

Now if you're talking about those malware that have been infesting USB devices for more than a decade now, then these (used to?) depend on autoruns to execute their payload and/or the user being fooled into opening what they shouldn't (e.g. executables with a "folder" icon). Fortunately pretty much all of these are made for Windows and can quite easily be detected and eleminated. They will often store the payload in directories that have the "hidden" attribute or ones with the "system" attribute such as the "Recycle Bin" or "System Volume Information".
Needless to say most of them will not run on anything other than Windows and will definitely not pose any threat if you don't even mount the device. Also, maybe it's just me but 1) I've noticed a sharp decrease in this kind of USB-borne malware in the past few years and 2) these are more often transmitted through hijacked email accounts.

So theoretically, you mostly have to worry about the first type.
May the source be with you!
Reply With Quote