Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Bad vibes only as sex toy tries to infect PC with malware

A new vector of malware infection proves that you really do need to clean your toys before use.

user icon David Hollingworth
Thu, 22 Feb 2024
Bad vibes only as sex toy tries to infect PC with malware
expand image

Earlier this month, we reported on a botnet running on millions of smart toothbrushes, but – somewhat sadly – that whole thing seems to have been based on some speculative reporting.

But forget toothbrush botnets; that’s old news.

The thing we’re worrying about today is a betrayal perpetrated by one of the most intimate items a person can own – a sex toy.

============
============

This is exactly what NetManageIT’s chief technical officer spotted while casually doing some threat research on the OpenCTI intelligence platform. This is an open-source tool for threat tracking and analysis, and now, apparently, discovering new ways to make malware weird.

“Vibrator sex toy infected with malware? Lol,” is the headline to a very brief NetManageIT blog post. Brief because, as CTO Daniel Bender said, what else can you add to that?

“Well, you certainly do not see this every day looking through threat intel reports,” Bender wrote. “Not much else to say, see screenshots for a good chuckle.”

“Do we need a new MITRE attack pattern named after this?”

Bender shared his blog post on Reddit, saying: “To clarify for all, I first saw this in my OpenCTI Threat Platform doing research and stumbled upon it. Which I thought was funny and odd, as this is something you would likely see on a forum or news/cyber/humour site,” Bender said.

“Not officially ingested via API from very well know [sic] ThreatIntel/Cyber companies. I literally had zero knowledge of such a thing before I saw it in OpenCTI.”

Checking OpenCTI ourselves (see the screenshot above), the infected vibe is the top report, and the source is legit – it comes from a Malwarebytes blog post.

“I know that some of you are expecting a post similar to that about a toothbrush botnet, but this is not a hypothetical case,” Malwarebytes said. “It actually happened.”

“A Malwarebytes Premium customer started a thread on Reddit saying we had blocked malware from trying to infect their computer after they connected a vibrator to a USB port in order to charge the device.”

The vibrator – the Sexology Pussy Power 8-Function Rechargeable Bullet Vibrator from mega-retailer Spencer’s, if you’re curious – was infected with Lumma, an info stealer sold via a malware-as-a-service tool. It can steal from cryptocurrency wallets and browser extensions and harvest 2FA credentials. It’s normally spread via email but is more than capable of being spread via USB devices – including, it now appears, sex toys that charge via USB.

Malwarebytes reached out to Spencer’s, and it turns out it is a known issue, which is pretty wild.

“Spencer’s acknowledged that it was aware of the problem, but the team investigating the issue was unable to provide further information at this point,” Malwarebytes said. “We’ll keep you updated if we receive word from them or find out any more information ourselves.

What’s fascinating is that while many modern vibrators and similar devices are, in fact, net-connected in some fashion (for control via an app, for instance), this particular model is a pretty dumb device. It’s not connected to anything. It also doesn’t charge via a cable; instead, it features a direct USB connection – it’s effectively a vibrating thumb drive with no storage.

This begs the question of where and how the device got loaded with the Lumma malware. It’s either been infected at the factory, which is possible, we guess, but more likely, one of the components within the device was infected at its point of manufacture. If the malware was loaded on a pre-infected control chip, this is effectively a unique form of supply chain attack, and the infected chips could be in any number of other budget gadgets.

We don’t yet know the score of this infection, but the vibrator in question is currently listed as sold out on Spencer’s website. The reviews — the vibe is currently just shy of a five-star rating – are all wildly positive. There could be a lot of these in circulation, infecting their owners with a wholly different type of contagion.

Truly, the hackers have gone too far when you can’t even trust the humble vibrator.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.