Checkpoint has issued a warning about malware that was originally built to spread via USB drives but is now also infecting networked storage. The malware is attributed to the Camaro Dragon threat group, and its techniques resemble those used by other groups such as Mustang Panda and LuminousMoth. Although Camaro Dragon primarily targets organisations in Asia, the initial infection was identified in Europe after an employee, returning from a conference in Asia, unknowingly inserted an infected USB drive into a computer on their hospital's network.
According to Checkpoint, the malware spreads through a backdoor that is started by a malicious Delphi launcher stored on the infected USB drive. Once triggered, the backdoor copies the malware to every other disk attached to the infected machine. Because that includes newly connected network drives, the behaviour poses a serious risk to enterprise IT environments: a copy written to a network share is reachable from many hosts, so a worm designed for removable media effectively gains a lateral-movement mechanism, whether or not its authors intended one. The impact is compounded by the fact that networked storage often holds an organisation's most sensitive data. The malware also relies on DLL side-loading, abusing legitimate components of security software and of large gaming companies to load its code. Checkpoint has notified the affected game developers that their software is being abused in Camaro Dragon's operations.
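The propagation pattern described above, a single process writing executables onto several volumes shortly after each is mounted, is something a SOC can look for in endpoint telemetry. The script below is an added example written for this page, not code from the article or from Checkpoint, and it uses constructed events rather than real indicators from the report. The event fields loosely mimic Sysmon-style file-create and volume-mount records, the five-minute window, the process name `dropper.exe` and the paths are all assumptions chosen for illustration.

```python
"""Flag processes that copy executables onto newly attached removable or
network volumes. Added example with constructed telemetry; field names,
thresholds and process names are assumptions, not Check Point indicators."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ntpath

PROPAGATION_WINDOW = timedelta(minutes=5)   # assumption: tune per environment
EXEC_EXTS = {".exe", ".dll", ".lnk", ".scr", ".bat", ".vbs"}
SUSPECT_VOLUME_TYPES = {"removable", "network"}


@dataclass
class Event:
    ts: datetime
    kind: str              # "mount" or "file_create"
    volume: str            # drive letter such as "E:"
    volume_type: str = ""  # "removable" | "network" | "fixed" (mount events only)
    process: str = ""      # image name of the writing process (file_create only)
    path: str = ""         # full Windows path written (file_create only)


def is_executable(path):
    """True when the file extension is one the malware is likely to drop."""
    return ntpath.splitext(path)[1].lower() in EXEC_EXTS


def detect_propagation(events, min_volumes=2):
    """Return {process: [volumes]} for every process that wrote executable
    files to at least `min_volumes` distinct removable/network volumes within
    PROPAGATION_WINDOW of each volume being mounted. A single drop on one
    drive is common benign behaviour; the same writer hitting several fresh
    volumes is the worm-like signal described in the article."""
    mounts = {}                    # volume -> (mount time, volume type)
    writers = defaultdict(set)     # process -> set of volumes it dropped on
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mount":
            mounts[ev.volume] = (ev.ts, ev.volume_type)
            continue
        if ev.kind != "file_create" or not is_executable(ev.path):
            continue
        mounted = mounts.get(ev.volume)
        if mounted is None:        # no mount record: cannot judge freshness
            continue
        mount_ts, vtype = mounted
        age = ev.ts - mount_ts
        if vtype in SUSPECT_VOLUME_TYPES and timedelta(0) <= age <= PROPAGATION_WINDOW:
            writers[ev.process].add(ev.volume)
    return {p: sorted(v) for p, v in writers.items() if len(v) >= min_volumes}


# Constructed sample telemetry (not from the report).
T0 = datetime(2023, 6, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    Event(T0 - timedelta(hours=1), "mount", "C:", volume_type="fixed"),
    Event(T0 - timedelta(minutes=10), "mount", "F:", volume_type="removable"),
    Event(T0, "mount", "E:", volume_type="removable"),
    # dropper writes an EXE to the freshly mounted USB stick
    Event(T0 + timedelta(seconds=30), "file_create", "E:", process="dropper.exe",
          path=r"E:\System\update.exe"),
    # a user saving a document is not executable and is ignored
    Event(T0 + timedelta(seconds=45), "file_create", "E:", process="WINWORD.EXE",
          path=r"E:\trip\notes.docx"),
    Event(T0 + timedelta(seconds=60), "mount", "Z:", volume_type="network"),
    # same dropper now writes a DLL to the network share mounted a moment ago
    Event(T0 + timedelta(seconds=90), "file_create", "Z:", process="dropper.exe",
          path=r"Z:\shared\update.dll"),
    # write to F: is outside the window (mounted 10 minutes earlier), ignored
    Event(T0 + timedelta(seconds=100), "file_create", "F:", process="dropper.exe",
          path=r"F:\old\loader.exe"),
    # write to the fixed system disk is never counted
    Event(T0 + timedelta(seconds=110), "file_create", "C:", process="dropper.exe",
          path=r"C:\Temp\stage.exe"),
    # a backup agent touching one network volume stays below the threshold
    Event(T0 + timedelta(seconds=120), "file_create", "Z:", process="backup.exe",
          path=r"Z:\shared\backup.exe"),
]


if __name__ == "__main__":
    for proc, vols in detect_propagation(SAMPLE_EVENTS).items():
        print(f"ALERT: {proc} dropped executables on {', '.join(vols)}")
```

The rule deliberately keys on the writer process rather than on file names or hashes, because the launcher and payload names can change between samples while the copy-to-every-disk behaviour is what makes the malware spread. In a real deployment the mount events would come from the endpoint agent or Windows volume-arrival logs, and the window and extension list should be tuned to the environment's normal removable-media usage.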
The resurgence of self-propagating USB malware, and its ability to reach networked storage, shows that organisations must defend against such threats even when they are not a campaign's intended targets. Checkpoint recommends deploying protections against this class of malware, pointing to the risks of network compromise and data exfiltration. Proactive controls, for example restricting the use of removable media and monitoring writes to newly attached removable and network volumes, can limit the unintended spread of malware within an organisation's IT infrastructure and reduce the damage it can cause.