A Real Malware In A Mouse


After reading an April Fools joke we fell for, [Mortimer] decided to replicate this project that turns the common USB mouse into a powerful tool that can bring down corporations and governments. Actually, he just gave himself one-click access to Hackaday, but that’s just as good.

The guts of this modified mouse are pretty simple; the left click, right click, and wheel click of the mouse are wired up to three pins on an Arduino Pro Micro. The USB port of the ‘duino is configured as a USB HID device and has the ability to send keyboard commands in response to any input on the mouse.

Right now, [Mortimer] has this mouse configured so that when the left click button is pressed, it highlights the address bar of his browser and types in http://www.hackaday.com. Not quite as subversive as reading extremely small codes printed on a mousepad with the optical sensor, but enough to build upon this project and do some serious damage to a computer.
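The defensive counterpart to a mouse that sends keyboard commands, as an added example that is not part of the original post: parse a device's HID report descriptor and flag any top-level application (such as a keyboard) beyond the role its label claims. The two descriptors are constructed samples and every function and constant name is hypothetical; the check assumes the device declares its keyboard as a top-level Application collection.

```python
# Added example: descriptors below are constructed samples, not captured
# from [Mortimer]'s device; function and constant names are hypothetical.
ROLES = {(0x01, 0x02): "mouse", (0x01, 0x06): "keyboard", (0x01, 0x07): "keypad"}

def top_level_applications(desc):
    """Return (usage_page, usage) for every top-level Application collection."""
    apps, usage_page, usage, depth, i = [], 0, None, 0, 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:                      # long item: size, tag, data
            if i + 1 >= len(desc):
                raise ValueError("truncated HID report descriptor")
            i += 3 + desc[i + 1]
            continue
        size = (0, 1, 2, 4)[prefix & 0x03]
        data = desc[i + 1:i + 1 + size]
        if len(data) != size:
            raise ValueError("truncated HID report descriptor")
        value = int.from_bytes(data, "little")
        item_type, tag = (prefix >> 2) & 0x03, prefix >> 4
        if item_type == 1 and tag == 0x0:       # Global item: Usage Page
            usage_page = value
        elif item_type == 2 and tag == 0x0:     # Local item: Usage
            usage = (value, size)
        elif item_type == 0:                    # Main item
            if tag == 0xA:                      # Collection
                if depth == 0 and value == 0x01 and usage is not None:
                    raw, n = usage              # 4-byte usages carry their own page
                    apps.append((raw >> 16, raw & 0xFFFF) if n == 4 else (usage_page, raw))
                depth += 1
            elif tag == 0xC:                    # End Collection
                depth = max(depth - 1, 0)
            usage = None                        # local state resets after a Main item
        i += 1 + size
    return apps

def unexpected_roles(desc, expected):
    """Roles the device exposes beyond what its label says it should be."""
    found = {ROLES.get(a, "page 0x%02x usage 0x%02x" % a) for a in top_level_applications(desc)}
    return sorted(found - set(expected))

_MOUSE = ("05 01 09 02 a1 01 {rid} 09 01 a1 00 05 09 19 01 29 03 15 00 25 01 95 03 "
          "75 01 81 02 95 01 75 05 81 03 05 01 09 30 09 31 15 81 25 7f 75 08 95 02 "
          "81 06 c0 c0")
_KEYBOARD = ("05 01 09 06 a1 01 85 02 05 07 19 e0 29 e7 15 00 25 01 75 01 95 08 "
             "81 02 95 06 75 08 15 00 25 65 19 00 29 65 81 00 c0")
PLAIN_MOUSE = bytes.fromhex(_MOUSE.format(rid=""))
MOUSE_WITH_KEYBOARD = bytes.fromhex(_MOUSE.format(rid="85 01") + _KEYBOARD)

if __name__ == "__main__":
    print(unexpected_roles(PLAIN_MOUSE, {"mouse"}))
    print(unexpected_roles(MOUSE_WITH_KEYBOARD, {"mouse"}))
```

On Linux the same bytes can be read from `/sys/bus/hid/devices/<id>/report_descriptor` and passed to `unexpected_roles` along with the role the asset inventory expects for that port.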

Video of [Mort]’s mouse below.

27 thoughts on “A Real Malware In A Mouse”

  1. Typing in a URL to HaD is now malware? What more can we expect from a journalism major who doesn’t understand security basics and is paid per post.

    1. Missing the point and concept of the post? Ah well, what more can we expect from a troll that doesn’t understand proof-of-concept and has nothing better to do than criticize.

        1. Yeah, that needs to go to the right people for an assault charge to be filed. Better be punished now when he is a juvenile instead of later when it will be permanently on his record.

        2. I’m not going to lie, this matt guy has been pissing me off for a long time. Much more so than any other trolls, like fartface. And I think it’s because I’m not convinced that matt’s a moron. There seems to be possibly even an intelligent person inside there. And it’s the fact that he is still so utterly and deliberately vindictive that really grates.

        3. According to that post Matt’s 30. WTF is a 30 year old doing shooting anyone especially his 6? year old sister. Troll on the forums a coward and a bully in real life. Poor guy.

    2. I wouldn’t consider HaD malware, but I certainly see your point; pulling up a website is hardly the end-all-be-all of attacks, especially if it is designed to only happen when someone is using the computer and will notice it right away. BUT…set it on a 3-5 hour non-activity timer and you know it isn’t going to pop while the user is talking on the phone, eating lunch at their desk, watching a movie, etc…it is only going to pop after they go home for the day. Make the script so that after installing it cleans up after itself and then hides the extra device and you have a winner…assuming the computer has internet access. Of course, if you wanted to cause massive damage to Iran’s uranium enrichment and you know it is a stand-alone network, there are other options. After the last “hacked mouse” I did a bit of checking and found this: http://isostick.com/ . Basically it is a USB DVD drive simulator…on Windows this can be used to autoload a virus even without an internet connection (if autoplay hasn’t been turned off). Some Linux distros also have autoplay functionality, even for normal flash drives. What’s more, if you are using a really fancy ergo mouse (and if you want them to plug it in, you use the nicest mouse you can find), you have room for a lot of hardware. Add a small WiFi or BT dongle and the mouse can now transmit wireless data from the sealed room with the stand-alone system, so that the janitor can receive it to his phone as he is mopping outside the door to the sealed room in the middle of the night. So yes…a mouse can be a very effective infiltration tool assuming you can get someone to use it, and also assuming that you are smart about it and don’t design it so that it warns the user that they are infected by pulling up a website right in front of them when they press one of the buttons or move over a certain part of their mousepad.
       The same can be said about keyboards…and with enough patience, you don’t even need the social engineering part of the puzzle; just mod a few mice and keyboards and put them in the IT “spare parts” closet.

      1. Does it really matter though if it happens while they’re sitting there? I mean it’s not like they’re going to go “shit, I have a virus, hmmn, I wonder if that came from my new mouse.” Instead they’re going to scan their system, get nothing back, ignore it and leave the mouse plugged in.

  2. Or you can just build the thing into a USB cable connector like we now know the NSA does from the Snowden files.

        1. That was an interesting read. They even mentioned the uA-Value of chips. I wonder why all the names are so hard to spell. They are kinda cryptic to read and don’t stell well in mind… like that would be the case. Are there any more of those documents around? I’m really not in the loop with such things.

          1. It would be interesting for a HaD user to actually try it, somehow cleanly remove the rubber of a standard USB cable connector, then 3D print a model of the removed casing and build a circuit that fits in the space and fill the mold with some sort of rubber so the cable ends up looking like a real non-tampered one. I wonder if that would be hard for the amateur.

    1. It sends keyboard commands, and alt-d in Firefox selects the address bar. Not sure what shortcut other browsers use.
      The flaw being that you’d already need a browser open, but there are ways to do it; if you do the key combo Windows-E, for instance, an Explorer window opens, and when you enter a URL in the address bar of an Explorer window it automatically opens the default browser with that URL opened in it once you hit enter.
