We've lost count of the number of times people have asked us about USB flash drives they've found. "It was in my mailbox!" "I saw it on the sidewalk!"
They always want to know if the flash drive is safe to use. We always ask the same question in response - "Did you plug it into your computer yet?"
If they say no, we tell them to throw the drive away, right now.
If they say yes, we schedule a malware scan immediately.
Why would we do that? After all, it’s a free USB drive. No files, no signs of use. What’s the harm?
Malware embedded in the flash drive. That’s the harm.
Cops warn of malware-infected USB sticks placed in mailboxes – FoxNews Tech
This 2016 news article talks about USB drives found in people’s mailboxes in Australia. The drives are infected with malware that can steal your personal information. The same thing’s happening here in the U.S.
It's still happening in 2020. Not just with USB flash drives either...we've also seen infected SD & microSD cards.
Hackers and cybercriminals are preying on people’s sense of curiosity. If you found an unmarked USB drive/microSD card, what would you do? Plug it into your PC to find out what's on it, right?
The problem is, the malware starts working the second you plug in the drive. Your information gets stolen before you blink. Or your computer’s locked up with ransomware.
Is it possible to clean the malware off & use the USB drive safely? It's possible, in theory. However, it depends 100% on the malware type. Some malware code embeds itself in a drive’s firmware—where it's staying. Even a format won’t get rid of it.
So what should you do if you find a USB drive/microSD card on the street? Smash it with a hammer. Then throw it away.
Got a tech question you need answered? Please email us at firstname.lastname@example.org and we may make it our next Tech Tip.
(Updated February 2020.)