Systems Are Compromised by Evilmouse

Evilmouse is a $44 hardware implant that looks like a regular computer mouse. Similar to the Hak5 Rubber Ducky, this gadget functions as a covert keystroke injector, but it sidesteps basic user awareness training by using the harmless form factor of a mouse.

When you plug it in, it automatically runs payloads that, without raising any red flags, carry out commands, deliver reverse shells, or worse. Conventional USB drives set off alarms for users who have had awareness training, but a working mouse? It fits in perfectly with any type of workspace.

Through an integrated USB hub, Evilmouse keeps the host mouse's optical sensor and buttons working, so clicks and cursor movement function as intended. In the project report, NEWO-J mentions that "everyone knows USB sticks are risky." "A mouse may not even be considered a threat."

The build uses inexpensive parts that cost less than $50:

| Material | Quantity | Approximate cost |
|---|---|---|
| RP2040 Zero microcontroller | 1 | $3 |
| Adafruit USB Hub Breakout with Two Ports | 1 | $5 |
| Amazon Basics Mouse | 1 | $6 |
| USB-C pigtail cable | 1 | $3 |
| 60/40 rosin-core solder | 1 | $8 |
| USB-C data cable | 1 | $8 |
| Flux paste | 1 | $6 |
| Kapton tape | 1 | $5 |
| Dupont wires | 4 | ~$0.03 |
| Total | | About $44 |

This democratizes hardware implants for bad actors or red teams, undercutting the $100 price tag of a Rubber Ducky.

The build is housed in a $6 Amazon Basics mouse, whose tiny shell required alterations. Researchers need to use a multi-tool cutter to remove the plastic ribbing and a flathead screwdriver to carefully desolder the white connector on the stock PCB.

Exploitation is handled by the RP2040 Zero, flashed with CircuitPython firmware. Incompatibility with pico-ducky prompted custom code for a Windows AV-safe reverse shell to a listener host. It was challenging to solder the wires, pigtail, and USB hub; NEWO-J spent a week practicing on through-hole components. Careful wire routing and Kapton tape, which protects against short circuits, let the shell snap shut while everything still functions.

The complete code is available on GitHub, and DuckyScript compatibility is planned. The repository cautions, "Built for education only," and disclaims any malicious use. In a video demonstration, plugging Evilmouse into "Laptop A" results in an admin-level reverse shell on "Laptop B" in a matter of seconds.

No user interaction is needed. Features like scheduled tasks or hidden command prompts increase persistence. Stealth tactics evade Windows Defender, but sophisticated workarounds are still a ways off. Evilmouse highlights HID (Human Interface Device) attack vectors.

A rigged mouse takes advantage of USB's plug-and-play trust by imitating a reliable peripheral. Defenses include physical port restrictions, endpoint detection tools that look for unusual keystrokes, and USB device whitelisting through Group Policy. For pentesters, it is a low-cost substitute for commercial equipment; they can enhance it with Rust for remote triggers or faster injection.
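As an added example (not code from the Evilmouse project or the original article), here is one way an endpoint agent could combine the defenses listed above: a keyboard allowlist, the hub-plus-mouse topology described earlier, and keystroke timing. The event format, device names, VID/PID values, and thresholds are all assumptions constructed for illustration, not any real tool's log schema.

```python
from collections import namedtuple
from statistics import median

Attach = namedtuple("Attach", "t dev vid pid kind parent")
# All values below are constructed for illustration; VID/PID pairs are placeholders.
ALLOWLIST = {("1111", "0001")}   # approved keyboard models (VID, PID)
MIN_HUMAN_GAP_MS = 30            # assumed floor for the median gap between hand-typed keys
ARM_WINDOW_S = 10                # typing this soon after plug-in counts as a signal

USB_EVENTS = [
    Attach(0.0,   "kbd0", "1111", "0001", "keyboard", "root"),
    Attach(100.0, "hub1", "2222", "0001", "hub",      "root"),
    Attach(100.2, "mou1", "2222", "0002", "mouse",    "hub1"),
    Attach(100.9, "kbd1", "2222", "0003", "keyboard", "hub1"),
]
KEY_DOWNS = {  # device -> key-down timestamps in seconds
    "kbd0": [40.00, 40.21, 40.38, 40.61, 40.80, 41.02],
    "kbd1": [102.000, 102.004, 102.008, 102.012, 102.016, 102.020],
}

def score_keyboard(dev, events, key_downs):
    """Return the reasons a keyboard interface looks like a keystroke injector."""
    by_id = {e.dev: e for e in events}
    me, reasons = by_id[dev], []
    if (me.vid, me.pid) not in ALLOWLIST:
        reasons.append("keyboard not on allowlist")
    parent = by_id.get(me.parent)
    has_mouse_sibling = any(e.parent == me.parent and e.kind == "mouse" for e in events)
    if parent and parent.kind == "hub" and has_mouse_sibling:
        reasons.append("keyboard enumerated behind the same hub as a mouse")
    stamps = sorted(key_downs.get(dev, []))
    if len(stamps) >= 5:
        gaps_ms = [(b - a) * 1000 for a, b in zip(stamps, stamps[1:])]
        if median(gaps_ms) < MIN_HUMAN_GAP_MS:
            reasons.append("inter-key gaps faster than hand typing")
        if stamps[0] - me.t <= ARM_WINDOW_S:
            reasons.append("typing began right after plug-in")
    return reasons

def flag_injectors(events, key_downs, min_reasons=2):
    """Flag keyboards with several signals; one alone (e.g. a dock) is too noisy."""
    flagged = {}
    for e in events:
        if e.kind == "keyboard":
            reasons = score_keyboard(e.dev, events, key_downs)
            if len(reasons) >= min_reasons:
                flagged[e.dev] = reasons
    return flagged
```

Calling `flag_injectors(USB_EVENTS, KEY_DOWNS)` flags only `kbd1`, the keyboard interface that appeared behind the new hub next to a mouse and typed at machine speed about a second after enumeration.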
