Schneider Electric has released an advisory warning that the USB drives shipped with some of the company’s products may be infected with malware.
“Schneider Electric is aware that USB removable media shipped with the Conext Combox and Conext Battery Monitor products may have been exposed to malware during manufacturing at a third-party supplier’s facility,” the warning message read.
The drives were reportedly shipped with two products, namely Conext Combox (sku 865-1058) and Conext Battery Monitor (sku 865-1058). The products were part of the company’s solar power range.
ComBox is a monitoring and communications device used by installers/operators of Conext solar systems. The Battery Monitor is made to indicate total hours of battery-based runtime and also describes a battery bank’s charging state.
It is suspected that the drives were contaminated with malware while they were being manufactured, which took place at a “third-party supplier’s facility.”
According to reports, Schneider Electric shipped two of its products along with USB drives containing user manuals and “non-essential” software.
“These USB removable media contain user documentation and non-essential software utilities. They do not contain any operational software and are not required for the installation, commissioning, or operation of the products mentioned above. This issue has no impact on the operation or security of the Conext Combox or Conext Battery Monitor products,” the company’s advisory released last month read.
Because these drives might be infected with malware, the company is urging its customers not to use the flash drives and to securely dispose of the USB dongles.
It is worth noting that the company ships all versions of the abovementioned products with flash drives. This means almost all of the devices may be infected with malware. Schneider Electric, an industry leader based in France, also noted that the malware will be detected and blocked by all mainstream anti-malware programs, and that this isn’t a targeted attack.
Although this isn’t the work of a malicious cybercriminal, it does serve as a clear reality check to those who prefer using flash drives. There could be serious implications of inserting unverified USB drives into your computers, and this practice must stop now. Moreover, users who believe that they might have accessed the infected flash drive must perform a full system scan immediately.
The company has not yet revealed the number of possibly affected customers or what type of malware was present on the drives. However, this is not the first time that a renowned company has delivered malware-infected USB drives. Last year, IBM issued a warning that a number of infected USB sticks were in circulation carrying some very dangerous malware. The USB sticks in question were shipped with Storwize flash and hybrid storage systems.
IBM suggested destroying the USB sticks immediately. Otherwise, your device can be infected with malware, making the system vulnerable. In another incident, Taiwanese police distributed malware-infected USB sticks to the winners of a cybersecurity-related quiz during a conference hosted by the Presidential Office in December 2017.