FBI Warns of FIN7 hacking Groups Sending USB Flash Drives, Gift Cards, and Adorable Teddy Bears to Infect Your Computer
The US Federal Bureau of Investigations (FBI) warned of a new malware attack in which hackers are sending weaponized USB flash drives to victims using US Postal mail. So, no phishing emails this time – victims receive malware delivered via physical snail mail! This cyber attack gets even more unique as the hackers may also a gift as well – either a gift card or a teddy bear via postal mail. The FBI says that an organized hacking group is known as FIN7 which is known for stealing money from target businesses.
If the recipient inserts the flash drive into their computer, it infects their device with a JavaScript backdoor called GRIFFON.
The FBI warning stated that hackers from FIN7 mailed these packages using regular US Postal mail to businesses targeting employees in their human resources, IT, or executive management departments. These packages may or may not also include a gift card or other gifts like a plush teddy bear. Either way, the USB flash drive is accompanied by a letter that instructs the victim to insert the flash drive into their computer to see list of eligible products they can use the gift card to purchase.
USB drives can be preloaded with computer code that your computer will recognize as a keyboard. The USB drive can auto run computer code that sends keyboard strokes that your computer will respond just as if you were typing commands.
“Recently, the cybercriminal group FIN7, known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS). The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles,” the FBI alert states.
In 2018, the FBI explained how FIN7 hacked and stole fifteen million payment cards from hundreds of US companies. The hacking group breached the IT networks of companies across 47 states plus the District of Columbia and stole over 15 million customer payment card records from more than 6,500 individual point-of-sale terminals. Three members of the group were arrested.
Once a device is compromised it executes JavaScript that can collect system information about the infected device and may download more malware. The goal of a keylogger is to record all of the keystrokes on a computer hoping to capture usernames, passwords, email address, and credit cards, or anything else valuable and send it back to the hackers. Since this malware attack is targeting human resource professionals at businesses, it is possible identity theft is also a goal. HR personnel are often the target of W-9 tax scams and other tax scams. Once system information is collected, the malware attempts to elevate itself to admin privileges.
What is FIN7?
FIN7 is an organized group of hackers with primarily targets retail businesses, restaurants, and the hospitality sector in the United States to steal money from them. FIN7 is also referred to as the Carbanak Group or the Navigator Group and has been around since 2015. The hacking group often uses phishing emails and hacks point of sale terminals to carry out their attacks.
How to Stop this USB Flash Drive Malware Attack
Never insert a USB flash drive into your computer if it from someone you don’t know or trust. Obviously, if you randomly receive a flash drive in the mail, destroy it. See our video on how to destroy a USB Flash Drive.
