Comment by elfchief
5 days ago
It's worth noting that there's basically zero proper evidence that there is any malware included with this device -- it runs an exe when inserted, but that exe appears, at a glance, to be a driver installer. Definitely not the right way to do things, but there's a difference between "incompetent" and "malicious".
The only actual "evidence" that was provided was a link to a falcon sandbox run, something which actually requires human analysis to draw conclusions about -- and anyone who has ever used it knows how many false positives it finds.
A better proclamation might be "cheap network adapter comes with an auto-running executable which needs further analysis".
Can you call it "auto-running" when they it don't even bother to pack in an autorun.inf? (based on https://x.com/evapro30/status/1878635208582562113)
The autorun.inf would be in the flash drive, not the executable they uploaded to Any.Run. Were any pics of the flash drive contents shared?