strange how companies do not really get anything done till it goes up as news on youtube with users having >1M subs inspite of being aware of it

Just insane how a big company like sebrent after the first malicious file which they responded to didn't then look into more of there files it's a very big concern to have a Trojan in your firmware updates

I worked for many companies as a software engineer, any kind of uploads/downloads are always being scanned with anti varus modules, this is pure incompetence and a sign of lack of security mindset at the company.

we all love running CCP malware from and official firmware update website :\D

@@MetsLand In the post, it mentions that they did respond and that it was a possible supply chain attack. They couldn't have known unless they personally ran them, in which even HP doesn't. But yes, a major security issue.

Beware of sites like CNET too.

@@sr2291, oh yeah, they always sketch me out. I'm usually worried about hidden bundleware or adware with those kinds of sites.

Supply Chain Attacks are where threat actors have started to pivot. The recent one for the compression libraries in Linux is another example.

if you use GNU/Linux-libre then this attack can't happen to you due to the lack of closed source firmware. yes someone called Jia Tan did TRY to hack the planet in a way that bypassed that but because of the overwhelming power of open source software, he was immediately caught and stopped

I'm scared, please hold my hand!

Exactly! I suspect that it was someone at Sabrent who got the legit files and attached a RAT. Either that or some CCP spy. Either way, I will be avoiding Sabrent like the plague.

my guess is that they have a ton of disorganized overseas employees and one of their employees is misbehaving but they cant figure out who yet

Yea that’s pretty concerning considering there’s only about 250 downloads listed and half of them are just user manuals. Wouldn’t have been hard to look through all the installers

@@ThioJoe Unfortunately, this isn't the first time an official site has had this issue. A while back, there was a Minecraft mod site having similar problems

It's not just the time or effort, they should feel responsible enough to cut the site until they figure out where the malware files came from.

I vote for incompetent

I think the cloud backup restoring them is actually likely. I found the reddit post and they updated it, they said it is a supply chain attack and could affect other manufacturers.

​@@HexcedeI don't know if I can believe that "it was a supply chain attack", that would mean Sabrent got infected firmware from a 3rd party and simply put it on their site, they did no testing of said firmware, and Sabrent also would have had no antivirus or security software running to detect it if it was ever opened, and on top of that the filename of the download is wrong. Seems like a deflection to me... It has to be internal, or they are claiming some heavy duty incompetence at many levels!

looks very intentional to me, esp. given after they acknowledged the issue, still didn't remove or even check for all of the infected files on their "official" website - better stay away from such companies, miles away

Both incompetent and careless.

Suspend all downloads THEN investigate.

@@alexdrockhound9497 Correct. My mistake.

@@alexdrockhound9497 naah, there is people lying and making false accusation only for the purpose of harming a company, so you should atleast do a initial investigation and verification, before taking down anything. In some countries, you have the "penalty of perjury" which means if someone does a false accusation - doesn't need to be to a government agency, its enough to another private person, its illegal and could get you caught for "perjury", but many countries (especially large parts of EU) where "penalty of perjury" only applies when you express the lie to a government agency, meaning if you lie to a third party which then goes to a government agency, its not your fault, meaning it could in these countries be totally risk free going around and lying to companies and people. Since the law does not always protect you from lies, always do a basic initial verification before taking down anything. Theres too many instances where administrators or moderators ban someone purely based on lies (and print screens are astonlishy easy to spoof today where there is the built-in "Inspect" function in every browser today - you don't even need to get the correct font of the text you are fraudulently changing). So verify first before taking any action.

They are not security people. The person who writes on reddit is likely customer support.

Then contact the customers!!

some hardware companies are completely clueless about security, TCP/IP networking and software in general outside of their own niche drivers and firmware. this should be a wake up call for them to hire more security researchers

It's a pity as they had some good products

To me the worst part was their support telling someone it was a false positive, despite clearly having no idea

wow that reminds me of those MS DOS viruses in the 90s and stuff lol

Sheesh

Lol nice

classic trojan... that it weird that someone would use such an easily detected/removable piece of trash like this in 2024... but do we know what it does?? is it a key logger and sending it back to base?? did you check to see if it opened any network connections?

if i had not watched the video i would have guessed someone at sabrent got infected and it spreadits way into the file.

For those asking about why a HUB would need a firmware update. My friend (the author of the email) could not use a thumb drive plugged into the HUB. He was getting a not enough power warning. This was something I saw people running into in the amazon reviews and stating that there was updated firmware to fix it. So, the HUB was basically unusable with a storage device from the factory.....the fix for that issue contained a RAT from the same factory it seems.

It would also be possible that there is rouge employee doing this on their own, though that is not very common

@@Octahedran Maybe the same person that's supposed to prevent this is the one doing it. That's why they refused to do anything after the community manager raised the alert.

Perhaps China wants to spy on us thru a US proxy.

@@Octahedran I like when typos add a little bit of levity to a serious matter. Yours does exactly that. A 'rouge' employee versus a rogue employee. The employee was probably a little red in the face for some reason and decided to go rogue. Again, I am not trying to be the spelling police.

I can read Chinese, the translation is largely accurate.

So is the maleware taking control of your mouse to do somehting?

@@dragon1130 No its just insturctions

@@dragon1130 These are legitimate instructions on how to flash the firmware. The person who created those instructions is probably not the one who created the malware.

uhhh no

Only if they also control the website

What's VT? I have legit nver heard of it.

@@dragon1130 Virus Total

@@dragon1130 virustotal

​@@dragon1130 virus total. It's a website.

@@dragon1130VirusTotal

What benefit does the new firmware provide? Does it hub better?

@@Fladelerium No idea but it works fine so I won't update it unless it stops working

They finally took action (not too long ago) and took (I assume) all of the infected files down. Over half a year later they finally did something. Very telling.

Surprisingly, it turns out that's probably the most dangerous course of action to take in this circumstance. Let's say this whole thing ends up costing them 5 million in revenue. That's a very costly lesson, but the lesson is learned, and the person who made the mistake will be on the lookout for this sort of attack for the rest of his career, and be the biggest advocate for security. If you keep him, you just spent 5 million training your security analyst. If you fire him, you just spent 5 million training your competitor's security analyst. Also, the whole team? Regardless of who made a mistake? The Geneva Convention doesn't really apply to corporations, but I'll go out on a limb and say a company probably shouldn't do things that the Geneva Convention classifies as war crimes.

@@OhhCrapGuy No. the one who didn't order to make sure all files are what they were was the boss if he is not fired for this he has no reason to change anything and the thing will repeat Oh he can punish someone whos responsibilities didn't include checking for security.

I cannot, they don't work for me.

thats a bit drastic..

@@IceWolf1102 not really. they have very clearly shown that they are not trustworthy

Both. Both is good.

What do you use to scan

It is about burning firmware. Even if these use flash memory these days and not actual EEPROMs, the term is still being used. It looks like legit instructions from whoever made the underlying hardware and supplied to the vendor of the USB hub, but most likely it should not have shipped with the firmware update as-is.

Well i kinda messed up my upload schedule myself for the past several weeks anyway 💀

@@ThioJoe real💀, btw I love your content I am inspired by your work and am aiming to become a future software engineer

Could be an inside job, or some sort of social engineering attack.

Supply chain attack. If they aren't the ones that write the firmware for their devices, then the Chinese company that did provided infected firmware. They trusted it at face value (foolish) and uploaded it to their website. That's the most likely reason, but we'll likely never know the details.

You don't need a driver for a hub. Windows all the way back to XP already has built-in drivers.

Yep, as soon as I saw that they had offices in China, it all made sense.

Microsoft requires drivers to be signed and firmware aint the same thing anyway Firmware is in device and driver is within windows

@@commanderoof4578 Ah, right, good point. That completely flew past me

@@commanderoof4578 Firmware gets stored on memory within hardware. Like little flash memory chips embedded in PCBs. Drivers will get stored on your ssd or hard drive permanently.

microsoft has already been infected, so the chance is essentially 100%.

​​@@commanderoof4578/ Some OEM laptops deliver firmware updates via Windows Update server, so yeah it can happen. Although, I doubt it does for peripheral firmwares.

Considering, a very important linux "part" was literally hijacked via social engineering and installed malware into it, and the only saving grace was the MS employee checking SSH lag time. The shadow war is intensifying.

Or you could just not update the firmware. It’s not like the product is non-functional without the update.

​​​​​​​@@NinjaRunningWild Having a virus masquerading as a firmware updater on your official site is not a good look and raises many questions. How did they not notice? Do they even check the stuff they upload onto their website? It's a sign of either negligence, incompetence, a malicious actor, or a mixture of all three. That said, the VAST majority of users will not be effected, given that most users don't even know that SSD firmware can be updated. Sabrent also doesn't have bugged SSDs like the Micron/Crucial MX500 and Samsung 990 Pro as far as I know. I had to install and tolerate Crucial Storage Executive since my MX500 came with bugged firmware that GREATLY increased drive wear.

Well, it doesn't. But, apparently the company fixes minor bugs, functionality, & performance. In theory anyways. I never personally felt a need to update my hub firmware & honestly I'm finding it more surprising that people do this than I am about the supply chain attack.

You can find the sample on MalwareBazaar with the hash: 3cfbdc299777aa885bd92fbf8098a86abf91db9d401cab601004ccb89bb8e8ee