Hackers are now utilizing vibrators to steal your personal information, and they’re even paying for malware subscriptions.
One Reddit user shared their nightmare story of purchasing a USB-charged Spencer’s Sexology Pussy Power 8-Function Rechargeable Bullet Vibrator at the mall only to discover that it contained viruses.
I bought a small vibrator at the mall. It has a cap you can remove and a USB port for charging, so it’s essentially a vibrator flash drive,’ the user added.
‘Plugged it into my computer to charge without any thought. Opened my web browser, and a file was instantly downloaded without opening any webpages, Malwarebytes has flagged it as malware and stopped the download.’
The vibrator was found to contain a virus known as Lumma, a subscription-based malware which criminals have to pay to get access to.
Also known as Lumma Stealer, the virus has been around since at least August 2022. It typically targets cryptocurrency wallets and two-factor authentication extensions on web browsers, through which it steals user’s personal information.
Lumma is often distributed through email campaigns, or hidden in free downloads on websites or free/pirated apps and has even been found on instant messaging platforms like Telegram but now it seems it can be spread through infected USB drives.
The subscription-based approach is known as the Malware-as-a-Service model, which has seen a rise in popularity in recent years.
Tips on connecting USB devices
- Opt to charge any USB into AC plug sockets as no data can be transferred while you charge
- You could buy a USB juice jack that will stop any accidental data exchange when you plug the USB into another device
- Never plug in an unknown USB you have found
- Install a USB-blocking software
- If you have a Windows computer, switch off Autorun before plugging in any unknown devices
Once subscribed, hackers are granted access to a range of pre-built malware, tools, and infrastructure, which can allow anybody to launch a successful cyber-attack, regardless of their technical expertise.
After stopping the download, cybersecurity firm Malwarebytes flagged the issue to Spencer’s, who reportedly said they aware of the issue.
A spokesperson for Spencer’s, who stocked the faulty vibrator, told Malwarebytes: ‘We are aware of the issue raised regarding one of our intimate products and can confirm that it is unable to transmit data, as there is no physical connection from the PC board circuitry to the USB data pins.’
However, where and how the device became infected is still unknown, and even though he company says it cannot transfer the virus, it’s still one to keep an eye out for.