The Diabolic Drive’s name sounds as ominous as its potential payload. The recently developed USB wireless keystroke injection tool is intended to stress test networks, but could it potentially be used as a means to steal cryptocurrency from unwitting users?
The new gadget is set to be used by cybersecurity experts to test networks and business infrastructure against threats. As recent reviews highlight, the 64GB drive is Wi-Fi enabled once plugged into a system, allowing a user to access the connected device remotely.
According to a hardware review by Geeky-gadgets, the Diabolic Drive can fire a payload of a hypothetical malicious script remotely and can even be pre-programmed to execute commands as soon as it is plugged into a device.
These devices are impressive and scary. Amazing what can be built so easily and dangerous for those who are careless and don’t understand them. | Diabolic Drive is a penetration testing USB key with 64GB storage, ESP8266 and ATmega32U4 microcontrollers https://t.co/dBI6TTFhjq
— Scott C. Lemon (@humancell) July 7, 2023
Consider the scenario. You attend your favourite cryptocurrency conference and receive a nifty new USB as a gift from promoters on the floor. Plugging the device in after you open your laptop, the device has already begun injecting malware onto the system that will allow an attacker to steal your cryptocurrency holdings from your go-to wallet browser extension.
It’s a nightmare hypothetical scenario that still warrants some exploring of the “what if’s”. Cointelegraph reached out to a handful of cybersecurity firms to unpack the threat of a USB injection tool and the potential for attackers to steal your coins.
Zeki Turedi, CrowdStrike’s field CTO for Europe, said that USB keystroke and wireless keyboard/HID devices have been part of a penetration tester’s arsenal for many years:
“They simply allow, once the device has been plugged in, to run commands wirelessly or automatically into a victim’s machine. These devices themselves are not exactly malicious – it is the keystrokes that come after this that potentially could be.”
Turedi said that a device could then download malicious software giving an attacker control of the system. From there, the possibilities are endless, including the ability to “steal a victim’s crypto funds”.
A member of CertiK’s security team also told Cointelegraph that the Diabolic Drive could be used to steal cryptocurrency, while conceding that most devices…
Click Here to Read the Full Original Article at Cointelegraph.com News…
