top | item 32504212

(no title)

arwt | 3 years ago

The risk has always been there with this kind of attack. The severity, as always, depends on the attackers' modus operandi. Nothing has changed. Only the tools which are dropped onto the machine have changed - which really isn't specifically relevant to this kind of attack. (Spy|Mal)ware adapts, as it always will. Harvesting saved browser passwords is nothing new. In this case, it's a marketing gimmick.

It's fun that it is customisable via a programming language. But really - this doesn't add anything new to the table at all. I bet you could do all of this with the previous generation of rubber duckies with a little bit of know-how. Drop a basic reverse shell (providing no firewall restrictions or whatever), and you can do what you want.

The same prevention guidelines apply as always. Don't plug random USB devices into your computer.

discuss

No comments yet.