IBM is alerting customers to get rid of USB drives shipped with some of its Storwize storage systems, as the devices may contain malware identified as part of the Reconyc Trojan family. It is best if the USB drives are destroyed.
“IBM has detected that some USB flash drives containing the initialization tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code,” the company stated in an advisory.
Reconyc Trojan Found on USB Drives Shipped with Storwize Storage Systems
Kaspersky Lab data indicates that the malicious code found on the USB drives belongs to the Reconyc Trojan malware family. The company detects the malware as Trojan.Win32.Reconyc. It is known to target users mostly in Russia and India.
Nonetheless, users from other regions may also be targeted. The malware is designed to “spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.).” Afterwards, the collected data is sent to the cybercriminals via email, FTP, or HTTP.
If the code is found on USB drives, the malware will end up on the system when the Storwize initialization tool is launched from the drive. The malicious code will be copied into a temporary folder: %TMP%\initTool on Windows systems or /tmp/initTool on Linux or Mac systems. Interestingly, the code itself is not executed during the initialization, as reported by IBM:
Neither the IBM Storwize storage systems nor data stored on these systems are infected by this malicious code. Systems not listed above and USB flash drives used for Encryption Key management are not affected by this issue. The best way to secure a system that may have been affected by the malware via an infected USB drive is by running an anti-malware program. Another option is removing it from the system via the deletion of the temporary directories created when the drive is run.
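The temporary-folder check described above, as an added example (not IBM's tooling or code from the advisory): it looks for a leftover initTool folder under %TMP% or /tmp, lists its files with SHA-256 hashes so they can be handed to an anti-malware scan, and deletes the folder only on request. Checking %TEMP% as well, and all function names, are assumptions made for this sketch.

```python
import hashlib
import os
import shutil
from pathlib import Path

DIR_NAME = "initTool"  # temp folder name given in the text above


def candidate_dirs(env=None, posix_tmp="/tmp"):
    """Return the locations the page names: %TMP%\\initTool and /tmp/initTool."""
    env = os.environ if env is None else env
    # TEMP is an added assumption: Windows usually sets it alongside TMP.
    roots = [env.get("TMP"), env.get("TEMP"), posix_tmp]
    seen, out = set(), []
    for root in roots:
        if root:
            path = Path(root) / DIR_NAME
            if str(path) not in seen:
                seen.add(str(path))
                out.append(path)
    return out


def inventory(directory):
    """List (relative path, size, SHA-256) per file; files are read, never run."""
    rows = []
    for f in sorted(Path(directory).rglob("*")):
        if f.is_file() and not f.is_symlink():
            digest = hashlib.sha256(f.read_bytes()).hexdigest()
            rows.append((f.relative_to(directory).as_posix(), f.stat().st_size, digest))
    return rows


def check_host(env=None, posix_tmp="/tmp", remove=False):
    """Report leftover initTool temp folders; delete them only when remove=True."""
    findings = {}
    for d in candidate_dirs(env, posix_tmp):
        if d.is_dir() and not d.is_symlink():
            findings[str(d)] = inventory(d)  # record before any deletion
            if remove:
                shutil.rmtree(d)
    return findings


if __name__ == "__main__":
    for path, files in check_host().items():
        print(f"[!] found {path}")
        for name, size, sha in files:
            print(f"    {sha}  {size:>10}  {name}")
```

Run it once without `remove=True` to keep a record of what was copied to the host, then again with it to clear the folder.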
Once this is done, the company recommends destroying the USB drive so that it doesn’t compromise any other systems.
An alternative option is to repair the flash drive by deleting the InitTool folder on the USB and downloading a new initialization tool package:
1. Delete the folder called InitTool on the USB flash drive which will delete the folder and all the files inside. If using a Windows machine, holding down shift when deleting the folder will ensure that the files are permanently deleted rather than being copied to the recycle bin.
2. Download the Initialization tool package from FixCentral.
3. Unzip the package onto the USB flash drive.
4. Manually scan the USB flash drive with antivirus software.