ByteBait USB: a robust simulation toolkit for badUSB phishing campaign

Bibliographic Details
Main Authors: Wenhao Li, Selvakumar Manickam, Yung-Wey Chong, Yongqing He, Ho Yean Li, Binyong Li
Format: Article
Language: English
Published: Springer 2025-07-01
Series: Journal of King Saud University: Computer and Information Sciences
Online Access: https://doi.org/10.1007/s44443-025-00067-6
Description
Summary: Phishing, a prevalent cybercrime using social engineering, threatens individuals and enterprises despite existing protections. This paper addresses BadUSB devices in phishing campaigns, which exploit inherent trust in USB devices to execute malicious actions like keystroke injection. These attacks are particularly dangerous as their malicious code resides in firmware, evading traditional antivirus solutions. While enterprises have adopted phishing awareness training, there remains a significant gap in simulated BadUSB phishing campaigns. Our study employs a multifaceted approach starting with a survey of public awareness and behaviors regarding BadUSB threats. We examine the lifecycle of simulated BadUSB phishing campaigns in enterprise environments, develop a detailed threat model, and propose solutions through ByteBait USB, a comprehensive simulation toolkit. This toolkit features advanced capabilities including long-range communication, motion detection, trajectory tracking, and efficient power management, creating a realistic simulation environment. To our knowledge, this represents one of the first efforts to develop a BadUSB simulation toolkit, complementing existing resources for simulating phishing emails and websites. The proposed toolkit has been validated through real-world simulations, demonstrating its effectiveness in enhancing security awareness against sophisticated USB-based threats.
ISSN: 1319-1578, 2213-1248