One of the unique successes in China’s sharing economy has been power bank rentals, but police in China have recently warned that the mobile battery packs keeping users’ smartphones charged up could also spread malware. The online security department of the Ministry of Public Security warned on its official WeChat account on Sunday that power banks could potentially be used to transmit Trojan horses and other types of malware, especially power banks of unknown origin. Once a smartphone is infected, the malware could steal personal information, including contacts, photos and videos, according to a police video. For now, the threat may not be big. Although the police did not offer any real-world examples of the trick being used, some experts warn that users should be wary of the potential threat.
More information: https://www.scmp.com/tech/gear/article/3112824/police-warn-shared-power-banks-could-transmit-viruses-industry-continues
We\’ve seen several different attack avenues which leverage external devices plugged into phones, tablets, and laptops which are designed to steal information or install malware. Innocent-looking phone charging cables or power banks serve as a great way to compromise a device. While attacks of this nature may not be widespread, it is something that could be used in targeted attacks, particularly against executives, politicians, or key employees. Which is why it\’s worthwhile to be aware of the threats and be cautious by only travelling with your own cables and power banks.
While this threat may not yet be widespread, it is certainly one to be wary of. It is critical that individuals are selective in what they introduce to their devices. That is, they should never insert an unknown USB, hard drive, or in this case, a power bank, without first vetting it.
Of late, we have also seen an increase in unexpected deliveries. While this may just be a ‘brushing scam’ to improve a seller’s reviews, there may also be more malicious intentions behind the scheme whereby a cybercriminal essentially hand-delivers malware in the form of a ‘free’ power bank. Individuals should stay clear of this and adopt basic cyber hygiene measures such as installing a trusted anti-malware/anti-virus software.