

Why target USB flash drives?

USB drives are ubiquitous in workplaces, especially in environments with air-gapped systems or restricted internet access, such as those in government and energy sectors. This makes them an easy target for data theft and malware propagation. Often, these drives store sensitive files that are not available on networked systems. 


programs like PowerModul and PowerTaskel on the victim’s system.

These tools don’t just sit around. They lay the groundwork for more attacks. PowerModul, in particular, plays a big role. It’s a PowerShell script introduced in 2024 that talks to a command-and-control server. From there, it can download and run other tools, including two especially dangerous ones, FlashFileGrabber and USB Worm.

FlashFileGrabber is made to steal data from USB drives. It can either save stolen files locally or send them back to the hacker's server. Then there’s USB Worm, which infects any USB drive it finds with PowerModul, turning that drive into a tool for spreading malware to other systems.

What makes this method effective is that USB drives are often shared between people and offices. That physical movement allows the


4 practical ways to stay safe from USB-targeted attacks

1. Don’t plug in unknown USB drives: It might sound obvious, but this is one of the most common ways malware spreads. If you find a USB drive lying around or someone gives you one you weren’t expecting, avoid plugging it into your system. Attackers often rely on human curiosity to get the malware onto your machine.

2. Be extra cautious with email attachments: GOFFEE’s campaigns often begin with phishing emails carrying malicious RAR files or Office documents with macros. Always double-check the sender’s address and never open unexpected attachments, especially if they ask you to "enable macros" or come from unknown contacts. When in doubt, confirm through a different channel.

3. Avoid clicking on suspicious links and use strong antivirus software: Many attacks like GOFFEE’s start with emails that look legitimate but contain malicious links. These links might lead you to fake login pages or silently download malware that sets the stage for USB-targeting tools like PowerModul.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Scan USB drives before use: The USB Worm infects USB drives by hiding original files and planting malicious scripts disguised as shortcuts, which trigger PowerModul when clicked. FlashFileGrabber also steals files silently from USBs, often going unnoticed. Always scan USB drives with updated antivirus software before opening any files. Use a reputable security tool to check for hidden scripts, unusual shortcuts or unexpected executables. If files appear renamed or hidden, don’t click them until verified safe.
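The checks in tip 4, written out as an added example that is not part of the original article: a Python triage script that lists shortcuts, scripts and executables on a mounted drive and singles out shortcuts named after a hidden file in the same folder. The extension lists, rule names and name-matching logic are assumptions made for illustration; the article does not give the USB Worm's actual file names.

```python
import os
import stat
import sys
from pathlib import Path, PurePosixPath

# Assumed extension lists for this example; tune them to your environment.
SCRIPT_EXTS = {".ps1", ".vbs", ".js", ".hta", ".bat", ".cmd"}
EXEC_EXTS = {".exe", ".scr", ".com"}
# Constructed sample listing of (relative path, hidden?) pairs, not real data.
SAMPLE = [("budget.xlsx", True), ("budget.xlsx.lnk", False),
          ("photos/trip.jpg", False), ("notes.lnk", False),
          ("System/update.ps1", True), ("tools/setup.exe", False)]

def is_hidden(path):
    """Hidden attribute on Windows; dot-prefixed name on other systems."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    return path.name.startswith(".")

def list_drive(root):
    """Walk a mounted drive and return (relative path, hidden?) pairs."""
    root = Path(root)
    return [(p.relative_to(root).as_posix(), is_hidden(p))
            for p in root.rglob("*") if p.is_file()]

def triage(entries):
    """Return sorted (rule, path) findings for (path, hidden?) pairs."""
    hidden = {}  # folder -> lowercase names and stems of hidden files
    for rel, is_hid in entries:
        p = PurePosixPath(rel)
        if is_hid and p.suffix.lower() != ".lnk":
            names = {p.name.lower(), p.stem.lower()}
            hidden.setdefault(p.parent, set()).update(names)
    findings = []
    for rel, is_hid in entries:
        p = PurePosixPath(rel)
        ext = p.suffix.lower()
        if ext == ".lnk":
            # Shortcut named after a hidden file: hidden original plus decoy.
            decoy = p.stem.lower() in hidden.get(p.parent, ())
            rule = "shortcut-replaces-hidden-file" if decoy else "shortcut"
            findings.append((rule, rel))
        elif ext in SCRIPT_EXTS:
            findings.append(("hidden-script" if is_hid else "script", rel))
        elif ext in EXEC_EXTS:
            findings.append(("executable", rel))
    return sorted(findings)

if __name__ == "__main__":
    entries = list_drive(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print("\n".join(f"{rule}: {path}" for rule, path in triage(entries)))
```

Run it with the drive's mount point or drive letter as the only argument; with no argument it reports on the constructed sample. A finding is a prompt to scan and verify the file, not proof of infection.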

How to scan a USB flash drive for malware (PC & Mac)

No matter which antivirus tool you use, it’s essential to scan USB flash drives as soon as you plug them in. Here’s how to do it on both platforms:

For Windows PC

  1. Insert your USB flash drive into your computer
  2. Open your installed antivirus software
  3. Look for a Custom Scan or Scan Specific Drive option
  4. Select your USB drive from the list
  5. Start the scan and allow the tool to detect and remove any threats

For macOS

  1. Plug in your USB flash drive
  2. Open your antivirus application
  3. Choose the option to Scan Files or Custom Scan
  4. Select your USB flash drive as the target
  5. Run the scan and follow prompts to remove or quarantine malware

Tip: Make sure real-time protection is turned on in your antivirus settings. This can help automatically block threats the moment a USB device is inserted.


Kurt’s key takeaway

Cybercriminals thrive where convenience meets oversight. However, it’s worth considering why USBs remain such a soft target. They’re not just storage but a cultural artifact of workplaces, especially in high-stakes sectors like energy or government, where offline data transfer feels safer than the cloud. But that trust is a blind spot. Attackers like GOFFEE don’t need zero days because they can exploit human habits such as sharing drives, skipping scans and clicking without thinking.

How often do you plug in a USB drive without scanning it first? Let us know by writing us at


Copyright 2025 CyberGuy.com. All rights reserved.
