In the first half of 2023, USB drives remained a preferred tool for cybercriminals to unleash malware. There have been reports that Snowydrive and Sogu malware infections are on the surge around the world.
Snowydrive USB Malware
Snowydrive malware infection begins with the victim being enticed to click on a seemingly authentic executable file located in the root folder of a USB drive.
Once the file is executed, it initiates an infection chain that leads to the download and installation of a backdoor named Snowydrive , powered by shellcode.
Furthermore, the malware spreads itself to any removable drives connected to the compromised system. Alongside this propagation, Snowydrive carries out various additional operations, including writing or deleting files, triggering file uploads, and executing reverse shell commands. This complex set of actions amplifies the extent of the infection and the potential damage caused by the malware.
Sogu USB Malware
The malware infection, allegedly orchestrated by the cyberespionage group TEMP.Hex, targeted organizations in Europe, Asia, and the U.S., spanning both the public and private sectors.
The attack method employed USB flash drives to deliver the Sogu malware, enabling the theft of sensitive data from the compromised hosts. These flash drives were loaded with multiple malicious software, utilizing a DLL hijacking technique to surreptitiously download the final payload into the memory of the infected systems.
Once activated, the Sogu malware executed a wide range of malicious actions, including capturing screenshots, logging keystrokes, establishing reverse shell connections, and creating remote desktop connections to execute additional harmful files.
The stolen data was discreetly exfiltrated to the Command and Control (C2) server through a custom binary protocol over TCP, UDP, or ICMP, allowing the attackers to cover their tracks effectively.
The attack campaign was widespread, targeting industries as diverse as construction, engineering, government, manufacturing, retail, media, and pharmaceuticals, posing a significant threat to various sectors.