Friday, December 2, 2016

E-Cigarettes Are Spreading Malware

Suspect Chinese e-cigarette manufacturers are hardcoding USB charging units with malware. If an infected e-cigarette USB charger is used to connect with a computer, malware can be downloaded. This information is being supplied for your situational awareness.
  • E-cigarettes were invented in 1963, but further developed in 2003.
  • E-cigarettes are charged via USB connected chargers or directly into computers.
  • USBs continue to be infected with malware through hardcoding within the manufacturing process.
Using a USB as a malware delivery system is not a new phenomenon, but illustrates how companies can be easily breached in a very innocuous way. If you have ever questioned the legitimacy of an $5.00 Ebay, made in China USB connected item, you should seriously think twice before purchasing and using it with your computer.

Publication Date: 28 November 2016
Handling Requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: Chinese e-cigarette manufacturer(s)
Actor Type: Adversary capabilities have been assessed as Tier II
Potential Targets: Financial, business and retail sectors
Past Reporting: DOC-4214