Cybercriminals are constantly finding new ways to steal data. As people become more aware of common threats like phishing links, fake websites, fraudulent emails, and spoofing scams, attackers are becoming more creative with their approach.
One of their newer methods involves targeting USB flash drives. It may seem surprising to focus on something as simple as a flash drive, but the data it holds is valuable.
Additionally, flash drives can be used to spread malware to other devices.
A person plugging a USB flash drive into a laptop (Kurt “Cyberguy” Knutsson)
Why target USB flash drives?
USB drives are ubiquitous in workplaces, especially in environments with air-gapped systems and restricted internet access, such as the government and energy sectors. This makes them an easy target for data theft and malware propagation. In many cases, these drives store sensitive files that are not used on networked systems.
If infected, a USB drive can spread malware not just within a single organization but across multiple entities when it is shared. These attacks do not rely on network vulnerabilities, which allows them to bypass traditional security tools.

USB flash drive connected to laptop (Kurt “Cyberguy” Knutsson)
How Hackers are Targeting USB Drives
As reported by Kaspersky's Securelist, a cybersecurity research platform, hackers use USB drives to spread malware in a way that easily bypasses traditional security systems. One group, known as Goffee, launches its attacks with targeted phishing emails. These emails often carry infected RAR files or Office documents with harmful macros. Once opened, they install sneaky programs like PowerModul and PowerTaskel on the victim's system.
These tools don't just sit there. They lay the foundation for further attacks. PowerModul in particular plays a major role. It is a PowerShell script, introduced in 2024, that communicates with a command-and-control (C2) server. From there, it can download and run other tools, including two particularly dangerous ones: FlashFileGrabber and a USB worm.
FlashFileGrabber is built to steal data from USB drives. It can save the stolen files locally or send them back to the hacker's server. Next is the USB worm. It infects any USB drive it finds with PowerModul, turning that drive into a tool to spread malware to other systems.
What makes this effective is that USB drives are often shared between people and offices. This physical movement allows malware to spread without an internet connection. The malware hides the original files on the USB drive and replaces them with malicious scripts disguised as normal-looking shortcuts. When someone clicks on any of these, they unknowingly trigger the infection.

Hacker illustration at work (Kurt “Cyberguy” Knutsson)
Four practical ways to stay safe from USB-targeted attacks
1. Do not plug in unknown USB drives: It may sound obvious, but this is one of the most common ways malware spreads. If you find a USB drive lying around, or someone gives you one you weren't expecting, don't plug it into your system. Attackers often rely on human curiosity to get malware onto machines.
2. Pay particular attention to email attachments: Goffee's campaigns often start with phishing emails carrying malicious RAR files or Office documents with macros. Always double-check the sender's address and never open unexpected attachments, especially if they ask you to “enable macros” or come from an unknown contact. If you are in doubt, verify through another channel.
3. Avoid clicking suspicious links and use strong antivirus software. Many attacks like Goffee's start with emails that appear legitimate but contain malicious links. These links can lead to fake login pages or quietly download malware that sets the stage for USB-targeting tools such as PowerModul.
The best way to protect yourself from malicious links that install malware, which may then access your personal information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get the picks for the best 2025 antivirus protection winners for Windows, Mac, Android and iOS devices.
4. Scan the USB drive before use. The USB worm infects USB drives by hiding the original files and planting malicious scripts disguised as shortcuts. FlashFileGrabber also quietly steals files from USB drives, often unnoticed. Always scan your USB drive with updated antivirus software before opening any files. Use a reputable security tool to check for hidden scripts, unusual shortcuts, or unexpected executables. If files appear to be modified or hidden, do not click on them until they have been safely verified.
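The pattern described in step 4, a hidden original sitting next to a launchable lookalike, can be checked by script before anything on the drive is opened. This is an added example, not code from the original article or from Kaspersky; the extension list, the finding names and the sample listing are assumptions constructed for illustration.

```python
import stat
from pathlib import Path, PurePosixPath

# Assumed list of file types that run or invoke an interpreter on double-click.
LAUNCHABLE = {".lnk", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta",
              ".bat", ".cmd", ".ps1", ".exe", ".scr"}
HIDE_FLAGS = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def is_hidden(path):
    """Windows hidden/system attribute; dot-prefix as a fallback elsewhere."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)  # present on Windows only
    return bool(attrs & HIDE_FLAGS) or path.name.startswith(".")

def classify(entries):
    """entries: (posix-style relative path, hidden?) pairs -> sorted (finding, path)."""
    entries = [(PurePosixPath(name), hidden) for name, hidden in entries]
    hidden_names = {}  # directory -> names and stems of hidden, non-launchable files
    for p, hidden in entries:
        if hidden and p.suffix.lower() not in LAUNCHABLE:
            hidden_names.setdefault(p.parent, set()).update(
                {p.name.lower(), p.stem.lower()})
    findings = []
    for p, hidden in entries:
        if p.suffix.lower() not in LAUNCHABLE:
            continue
        if hidden:
            findings.append(("hidden-launchable", str(p)))
        elif p.stem.lower() in hidden_names.get(p.parent, ()):
            # Visible shortcut/script named after a file that has been hidden.
            findings.append(("lookalike-of-hidden-file", str(p)))
        else:
            findings.append(("visible-launchable", str(p)))
    return sorted(findings)

def scan_drive(root):
    """Walk a mounted drive without opening any file on it."""
    root = Path(root)
    files = (p for p in root.rglob("*") if p.is_file())
    return classify((p.relative_to(root).as_posix(), is_hidden(p)) for p in files)

# Constructed sample listing of a drive (not taken from any real incident).
SAMPLE = [("budget.xlsx", True), ("budget.xlsx.lnk", False),
          ("photos/trip.jpg", True), ("photos/trip.lnk", False),
          ("notes.txt", False), ("tools/setup.exe", False), ("helper.vbs", True)]

if __name__ == "__main__":
    for finding, path in classify(SAMPLE):
        print(f"{finding:26} {path}")
```

Run `scan_drive` against the drive's mount point or drive letter; any `lookalike-of-hidden-file` or `hidden-launchable` finding is a reason to leave the drive unopened and hand it to whoever handles security.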
Kurt's key takeaway
Cybercriminals thrive where convenience meets oversight. It is worth considering why USB drives remain such a soft target. They are not just storage but cultural artifacts of the workplace, especially in high-stakes sectors such as energy and government, where offline data transfers feel safer than the cloud. But that trust is a blind spot. Attackers like Goffee don't need zero-days when they can take advantage of human habits such as sharing drives, skipping scans, and clicking without thinking.
How often do you connect a USB drive without scanning it first? Let us know by writing to us at cyberguy.com/contact
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.


