Electronic cigarettes exploited in the wild to serve malware

  • 23 November 2014
  • 2 replies
  • 679 views

Userlevel 7
Badge +54
by Pierluigi Paganini on November 23rd, 2014
 
A report posted on the social news Reddit website reported a strange case occurred to a particular executive that discovered a malware in his system without immediately identify its source.
“One particular executive had a malware infection on his computer from which the source could not be determined,” reported a Reddit user “After all traditional means of infection were covered, IT started looking into other possibilities.
Investigating on the case, the man discovered that the electronic cigarettes were provided by a malware hardcoded into the charger, once the victim will connect it to the computer the malicious code will contact the C&C server to drop other malicious code and infect the system
“The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”
 
Full Article

2 replies

Userlevel 7
Badge +56
@ wrote an blog about that case here.
Userlevel 7

http://i.guim.co.uk/static/w-620/h--/q-95/sys-images/Guardian/Pix/pictures/2014/11/21/1416585032733/9de877a9-2e8c-4085-bbbb-d80bd2f85034-620x372.jpg E-cigarette can either be charged from the wall or by plugging the cigarette itself into a USB port. Photograph: Ian West/PAAlex Hern
Friday 21 November 2014 11.37 EST

 

E-cigarettes may be better for your health than normal ones, but spare a thought for your poor computer – electronic cigarettes have become the latest vector for malicious software, according to online reports.
Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port. That might be a USB port plugged into a wall socket or the port on a computer – but, if so, that means that a cheap e-cigarette from an untrustworthy supplier gains physical access to a device.
A report on social news site Reddit suggests that at least one “vaper” has suffered the downside of trusting their cigarette manufacturer. “One particular executive had a malware infection on his computer from which the source could not be determined,” the user writes. “After all traditional means of infection were covered, IT started looking into other possibilities.
 
 
full article

Reply