Danger USB! Oz police warn of malware in the letterbox

Residents down under blighted by a plague of malicious USB sticks.

Graham Cluley

Police in Victoria, Australia, are warning computer owners to be on their guard… not against suspicious arrivals in their email inbox, but malicious USB sticks turning up in their letterboxes:

Members of the public are allegedly finding unmarked USB drives in their letterboxes.

Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues.

The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices.

According to the report, residents of the Melbourne suburb of Pakenham have been the unfortunate recipients of the malware-laden thumb drives.

Of course, we’ve known for many years that USB sticks can carry malware, and have long warned users against plugging unknown devices into their computers. The method was most infamously used in Stuxnet – a joint US/Israeli operation to disrupt systems at the Natanz uranium enrichment facility in Iran. Other past victims of USB attacks have included the United Nations Nuclear Agency, amongst many others.

One of the most well-known tricks used by criminals and penetration testers is to leave a poisoned USB stick in the car park of the business they are targeting and wait for a curious employee to pick it up and plug it into their computer.

We’ve even seen boobytrapped USB sticks that can fry your computer hardware within seconds.

Astronauts have even transported malware-infected USB sticks or compact flash cards up to the International Space Station.

So, malware-laden USB sticks are a problem in every corner of the world, and even in orbit.

Every USB stick you receive should be treated with caution – it could potentially carry a malicious payload, as the residents of Pakenham have found out to their cost. Of course, if you have come into possession of an unsolicited USB drive then you should be particularly cautious about plugging it into your computer.

The one potential ray of sunshine in this security thunderstorm? Just how desperate must the criminals have been to target home owners in this way? In some ways it’s rather refreshing that they have had to go to the effort of buying USB sticks, planting malware on them, and then posting them through letterboxes in search of victims… it certainly sounds like harder work than the usual trick of spamming out attacks via email.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
