ESET Discovers New Data-Stealing Trojan Malware

Next story

Malware is capable of stealthy attacks against air-gapped systems, is protected against detection and

ESET®, a global pioneer in proactive protection for more than two decades, today announced the discovery of a new data-stealing Trojan malware, known as Win32/PSW.Stealer.NAI, otherwise known as USB Thief.

This malware exclusively spreads through USB devices without leaving any evidence on the compromised computer. Since it doesn’t leave a trace, victims may not even know their data has been stolen. The creators of the malware also prevented it from being reproduced or copied, making it difficult to detect and analyze.

“The USB Thief is much different from the more common malware types that we're used to seeing flooding the internet,” said Tomáš Gardoň, ESET Malware Analyst. “This malware was created for targeted attacks on systems isolated from the internet. Given organizations isolate their machines for a reason, this makes the malware particularly dangerous.”

USB Thief has a sophisticated implementation of multi-staged encryption that is also bound to features of the USB device hosting it. It can be stored as a plugin source of portable applications or as just a library – DLL – used by the portable application. Therefore, whenever such an application is executed, the malware will also be run in the background.

“This is not a very common way to trick users, but very dangerous. People should understand the risks associated with USB storage devices obtained from sources that may not be trustworthy,” said Gardoň.

Additional details about the USB Thief Trojan can be found in an interview with Tomáš Gardoň or in a technical article on ESET’s official IT security blog,

About ESET:
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedIn, Facebook and Twitter.

Kiley Nichols, 415-293-2824