USB keystroke injectors still a threat to crypto users

cointelegraph.com:

The Diabolic Drive’s name sounds as ominous as its potential payload. The recently developed USB wireless keystroke injection tool is intended to stress test networks, but could it potentially be used as a means to steal cryptocurrency from unwitting users?

The new gadget is set to be used by cybersecurity experts to test networks and business infrastructure against threats. As recent reviews highlight, the 64GB drive is Wi-Fi enabled once plugged into a system, allowing a user to access the connected device remotely.

According to a hardware review by Geeky-gadgets, the Diabolic Drive can fire a payload of a hypothetical malicious script remotely and can even be pre-programmed to execute commands as soon as it is plugged into a device.

These devices are impressive and scary. Amazing what can be built so easily and dangerous for those who are careless and don’t understand them. | Diabolic Drive is a penetration testing USB key with 64GB storage, ESP8266 and ATmega32U4 microcontrollers https://t.co/dBI6TTFhjq

Consider the scenario. You attend your favourite cryptocurrency conference and receive a nifty new USB as a gift from promoters on the floor. Plugging the device in after you open your laptop, the device has already begun injecting malware onto the system that will allow an attacker to steal your cryptocurrency holdings from your go-to wallet browser extension.

It’s a nightmare hypothetical scenario that still warrants some exploring of the “what if’s”. Cointelegraph reached out to a handful of cybersecurity firms to unpack the threat of a USB injection tool and the potential for attackers to steal your coins.

Zeki Turedi, CrowdStrike’s field CTO for Europe, said that USB keystroke and wireless keyboard/HID devices have