By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Gun GravyGun GravyGun Gravy
Notification Show More
Font ResizerAa
  • Home
  • Latest News
  • Firearms
  • Tactical
  • Videos
Reading: Hackers using malware to steal data from USB flash drives
Share
Font ResizerAa
Gun GravyGun Gravy
  • Latest News
  • Firearms
  • Tactical
  • Videos
Search
  • Home
  • Latest News
  • Firearms
  • Tactical
  • Videos
Have an existing account? Sign In
Follow US
Gun Gravy > Latest News > Hackers using malware to steal data from USB flash drives
Hackers using malware to steal data from USB flash drives
Latest News

Hackers using malware to steal data from USB flash drives

Jim Flanders
Last updated: April 20, 2025 3:22 pm
Jim Flanders Published April 20, 2025
Share
SHARE

Cybercriminals are constantly finding new ways to steal your data. As people become more aware of common threats like phishing links, fake websites, fraudulent emails and impersonation scams, attackers are becoming more creative in their approach.

One of the newer methods they are using involves targeting USB flash drives. It may seem surprising that they would focus on something as simple as a flash drive, but the data it holds can be valuable. 

Plus, flash drives can be used to spread malware to other devices.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

Why target USB flash drives?

USB drives are ubiquitous in workplaces, especially in environments with air-gapped systems or restricted internet access, such as those in government and energy sectors. This makes them an easy target for data theft and malware propagation. Often, these drives store sensitive files that are not available on networked systems. 

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

When infected, USB drives can spread malware not just within a single organization but also across multiple entities if shared. These attacks don’t rely on network vulnerabilities, allowing them to bypass traditional security tools. 

flash drive hacker 2

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH 

How hackers are targeting your USB drives

As reported by Kaspersky’s Securelist, a cybersecurity research platform, hackers are using USB drives to spread malware in ways that can easily bypass traditional security systems. One group, known as GOFFEE, kicks off its attacks with targeted phishing emails. These emails often carry infected RAR files or Office documents with harmful macros. Once opened, they install sneaky programs like PowerModul and PowerTaskel on the victim’s system.

These tools don’t just sit around. They lay the groundwork for more attacks. PowerModul, in particular, plays a big role. It’s a PowerShell script introduced in 2024 that talks to a command-and-control (C2) server. From there, it can download and run other tools, including two especially dangerous ones, FlashFileGrabber and USB Worm.

FlashFileGrabber is made to steal data from USB drives. It can either save stolen files locally or send them back to the hacker’s server. Then there’s USB Worm, which infects any USB drive it finds with PowerModul, turning that drive into a tool for spreading malware to other systems.

What makes this method effective is that USB drives are often shared between people and offices. That physical movement allows the malware to spread even without an internet connection. The malware hides original files on the USB and replaces them with malicious scripts disguised as normal-looking shortcuts. When someone clicks one of these, they unknowingly trigger the infection.

flash drive hacker 3

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

4 practical ways to stay safe from USB-targeted attacks

1. Don’t plug in unknown USB drives: It might sound obvious, but this is one of the most common ways malware spreads. If you find a USB drive lying around or someone gives you one you weren’t expecting, avoid plugging it into your system. Attackers often rely on human curiosity to get the malware onto your machine.

2. Be extra cautious with email attachments: GOFFEE’s campaigns often begin with phishing emails carrying malicious RAR files or Office documents with macros. Always double-check the sender’s address and never open unexpected attachments, especially if they ask you to “enable macros” or come from unknown contacts. When in doubt, confirm through a different channel.

3. Avoid clicking on suspicious links and use strong antivirus software: Many attacks like GOFFEE’s start with emails that look legitimate but contain malicious links. These links might lead you to fake login pages or silently download malware that sets the stage for USB-targeting tools like PowerModul.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Scan USB drives before use: The USB Worm infects USB drives by hiding original files and planting malicious scripts disguised as shortcuts, which trigger PowerModul when clicked. FlashFileGrabber also steals files silently from USBs, often going unnoticed. Always scan USB drives with updated antivirus software before opening any files. Use a reputable security tool to check for hidden scripts, unusual shortcuts or unexpected executables. If files appear renamed or hidden, don’t click them until verified safe. 

DATA REMOVAL DOES WHAT VPNS DON’T: HERE’S WHY YOU NEED BOTH 

Kurt’s key takeaway

Cybercriminals thrive where convenience meets oversight. However, it’s worth considering why USBs remain such a soft target. They’re not just storage but a cultural artifact of workplaces, especially in high-stakes sectors like energy or government, where offline data transfer feels safer than the cloud. But that trust is a blind spot. Attackers like GOFFEE don’t need zero days because they can exploit human habits such as sharing drives, skipping scans and clicking without thinking.

How often do you plug in a USB drive without scanning it first? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

Read the full article here

You Might Also Like

Powerball jackpot winner arrested after kicking deputy in face: authorities

3 killed in West Bank ‘shooting spree’ including Israeli police officer: reports

New York inmate dies in prison as guards continue strike deemed illegal under state law

Tufts University student arrest generates 10x more coverage from legacy news than MS-13 gang leader: study

Mainstream media outlet slammed for ‘disgraceful’ reporting on family of alleged Boulder terrorist

Share This Article
Facebook Twitter Email Print
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

We Recommend
Congressional intern gunned down in DC street shooting wasn’t intended target: police
Latest News

Congressional intern gunned down in DC street shooting wasn’t intended target: police

Jim Flanders Jim Flanders July 3, 2025
Bryan Kohberger Pleads Guilty To Idaho Student Murders In Surprise Deal
NAVY SEAL TOP 3 SHOOTING DRILLS PT. 2- BOX DRILL #shorts #navyseal
DOJ indicts suspect who went viral for delivering protective gear to anti-ICE protesters on live TV
How do you zero in your red dot? 🤔
Shooting the Springfield Trapdoor Rifle 🇺🇸
17 Most Affordable & Reliable Revolvers for Seniors in 2025!
Videos

17 Most Affordable & Reliable Revolvers for Seniors in 2025!

Survival Gear Survival Gear July 2, 2025
NAVY SEAL TOP 3 SHOOTING DRILLS PT. 1- TARGET ACQUISTION #shorts #navyseal
Videos

NAVY SEAL TOP 3 SHOOTING DRILLS PT. 1- TARGET ACQUISTION #shorts #navyseal

Tactical Rifleman Tactical Rifleman July 2, 2025
US Halting Some Weapons Shipments To Ukraine As Own Military Stockpiles Plummet
Tactical

US Halting Some Weapons Shipments To Ukraine As Own Military Stockpiles Plummet

Jim Flanders Jim Flanders July 2, 2025
  • Latest News
  • Videos
  • Tactical
  • Firearms
2024 © Gun Gravy. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?