FBI Warns of FIN7 hacking Groups Sending USB Flash Drives, Gift Cards, and Adorable Teddy Bears to Infect Your Computer
The US Federal Bureau of Investigations (FBI) warned of a new malware attack in which hackers are sending weaponized USB flash drives to victims using US Postal mail. So, no phishing emails this time – victims receive malware delivered via physical snail mail! This cyber attack gets even more unique as the hackers may also a gift as well – either a gift card or a teddy bear via postal mail. The FBI says that an organized hacking group is known as FIN7 which is known for stealing money from target businesses.
The FBI warning stated that hackers from FIN7 mailed these packages using regular US Postal mail to businesses targeting employees in their human resources, IT, or executive management departments. These packages may or may not also include a gift card or other gifts like a plush teddy bear. Either way, the USB flash drive is accompanied by a letter that instructs the victim to insert the flash drive into their computer to see list of eligible products they can use the gift card to purchase.
USB drives can be preloaded with computer code that your computer will recognize as a keyboard. The USB drive can auto run computer code that sends keyboard strokes that your computer will respond just as if you were typing commands.
“Recently, the cybercriminal group FIN7, known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS). The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles,” the FBI alert states.
In 2018, the FBI explained how FIN7 hacked and stole fifteen million payment cards from hundreds of US companies. The hacking group breached the IT networks of companies across 47 states plus the District of Columbia and stole over 15 million customer payment card records from more than 6,500 individual point-of-sale terminals. Three members of the group were arrested.
What is FIN7?
FIN7 is an organized group of hackers with primarily targets retail businesses, restaurants, and the hospitality sector in the United States to steal money from them. FIN7 is also referred to as the Carbanak Group or the Navigator Group and has been around since 2015. The hacking group often uses phishing emails and hacks point of sale terminals to carry out their attacks.
How to Stop this USB Flash Drive Malware Attack
Never insert a USB flash drive into your computer if it from someone you don’t know or trust. Obviously, if you randomly receive a flash drive in the mail, destroy it. See our video on how to destroy a USB Flash Drive.