Warning — These Data Hackers Target Your USB Flash Drive
Hackers are nothing if not creative. When it comes to uncovering previously unknown vulnerabilities in Google products and services or earning big money from Microsoft bug bounty programs, that’s a good thing. But when those skills are being used for purely malicious purposes, like targeting your humble USB flash drive with advanced persistent threats (APTs), that's a cause for concern.
Meet Goffee, a threat actor that has been active since at least 2022, but gained significant attention in the second half of 2024. This group was previously unknown to many experts, including myself, and it seems that they've been flying under the radar until now. However, with reports of attacks on strategic sectors in Russia, including government agencies, critical infrastructure such as energy providers, media, and telecoms, we can't afford to ignore this threat any longer.
A new report from Kaspersky threat intelligence analysts has shed light on how Goffee hackers are targeting the data held on removable USB flash drives. Although these attacks are currently limited to Russian victims, it's essential to note that the technology used could easily be aimed at anyone, anywhere.
The Goffee Attack Arsenal
According to Kaspersky security researcher Oleg Kupreev, there are two components within the Goffee attack arsenal specifically designed to target removable media: FlashFileGrabberOffline and FlashFileGrabber. Let's take a closer look at each of these tools.
FlashFileGrabberOffline: This offline variant searches removable media for files with specific extensions and copies them to the local disk using newly created subdirectories in the TEMP folder and a free.db file to store metadata. The malware seems to be designed to remain undetected on infected systems.
FlashFileGrabber: This version adds functionality that allows it to communicate with a server to which the stolen files are dispatched, making it even more sophisticated than its offline counterpart. These tools demonstrate the Goffee group's commitment to targeting sensitive data held on removable USB flash drives.
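As an added illustration (not code from Kaspersky's report or from this article), the following Python script hunts for the on-disk traces described above: a free.db file under the TEMP folder, together with the subdirectories and copied files around it. The function name and the layout (copied files stored beside or below free.db) are assumptions, and because the file name alone is not unique to this malware, each hit is a lead for triage rather than a verdict.

```python
import os
import sys
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = "free.db"  # metadata file name reported for FlashFileGrabberOffline


def find_staging_dirs(temp_root):
    """Return one finding per directory under temp_root that contains free.db."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(temp_root):
        marker = next((n for n in filenames if n.lower() == MARKER), None)
        if marker is None:
            continue
        # Assumption: copied files sit beside or below the metadata file.
        extensions, total_bytes = Counter(), 0
        for sub, _dirs, files in os.walk(dirpath):
            for name in files:
                if sub == dirpath and name == marker:
                    continue
                extensions[os.path.splitext(name)[1].lower() or "(none)"] += 1
                try:
                    total_bytes += os.path.getsize(os.path.join(sub, name))
                except OSError:
                    pass  # locked or deleted mid-scan; the file is still counted
        mtime = os.path.getmtime(os.path.join(dirpath, marker))
        findings.append({
            "directory": dirpath,
            "marker_modified_utc": datetime.fromtimestamp(mtime, timezone.utc).isoformat(),
            "subdirectories": sorted(dirnames),
            "file_count": sum(extensions.values()),
            "total_bytes": total_bytes,
            "extensions": dict(extensions),
        })
    return findings


if __name__ == "__main__":
    # Scan the path given on the command line, else the current user's TEMP.
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    for hit in find_staging_dirs(root):
        print(hit)
```

On Windows each account has its own TEMP folder, so run the script once per user profile or pass the folder path as an argument.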
Mitigating the Flash Drive Data Threat
Given that the Goffee hackers' primary goal is to steal sensitive information from removable USB flash drives, we need to take proactive measures to protect ourselves. The best defense against this threat starts where the attack itself starts: with a phishing campaign. Yes, you read that right – phishing. Just like with any other malware attack, the attackers first try to lure their victims into opening a malicious email or link.
To safeguard your data, make sure to follow all the usual advice when it comes to preventing phishing attacks and securing your removable flash drive data. Here are some tips:
- Ensure that all removable flash drive data is securely encrypted.
- Use strong antivirus software that includes protection against malware designed for USB drives.
- Maintain a backup of your sensitive files and keep them in a safe location, such as an external hard drive or cloud storage.
- Be cautious when using public computers or USB drives, especially if they appear to be infected with malware.
The threat landscape is constantly evolving, but it's crucial that we stay informed and take action to protect ourselves against emerging threats like Goffee. Remember, security starts with awareness, so keep an eye out for any suspicious activity and take proactive steps to safeguard your data.