In a startling revelation shared on Reddit, a user’s experience with a newly purchased sex toy turned into a cybersecurity nightmare. The individual bought a “Spencer’s Sexology P*ssy Power 8-Function Rechargeable Bullet Vibrator” from a mall, which, unbeknownst to them, was harboring malware. The device, designed with a USB port for charging, was plugged into their computer, leading to an unexpected malware download flagged by Malwarebytes.
Malwarebytes confirmed that the vibrator attempted to deploy an information stealer called Lumma onto the user’s computer. Lumma, a subscription-based malware, is notorious for targeting cryptocurrency wallets and two-factor authentication extensions, aiming to pilfer sensitive data from devices. It has recently evolved to compromise Google accounts effectively.
The discovery was made possible when the customer provided the contents of the vibrator’s flash drive, which included suspicious XML files and a Microsoft Software Installer file, humorously named “Mia_Khalifa 18+.msi.” These files, seemingly designed to distract the user, paved the way for the actual malware installation.
Upon further investigation, Malwarebytes identified the malware as a Trojan.Crypt.MSIL, a type of Trojan horse that delivered a potent combination of the Lumma Stealer and an additional .NET dll library.
The incident raises questions about how the sex toy became infected. Efforts to understand the breach led Malwarebytes to contact Spencer’s, the retailer where the vibrator was purchased. While Spencer’s acknowledged the issue, they have yet to provide detailed information on the matter.
To prevent such cybersecurity risks, Malwarebytes advises against charging USB devices on computers, likening untrusted devices to potentially dangerous USB sticks found in parking lots. They recommend using traditional AC plug sockets for charging to avoid data transfer and suggest employing “USB condoms” or “juice-jack defenders” for those who still prefer USB connections. These devices block data exchange during charging.
Additionally, using security software like Malwarebytes Premium, which protected the user in this scenario, is recommended for an added layer of defense against such unforeseen threats.
Discover more from Baller Alert
Subscribe to get the latest posts sent to your email.
