BadUSB

The BadUSB attack was first revealed during a Black Hat talk in 2014 by Karsten Nohl, Sascha Krißler and Jakob Lell.

[4] In 2017, version 1.0 of the USG dongle, which acts like a hardware firewall, was released, which is designed to prevent BadUSB style attacks.

[5] In March 2020, the FBI issued a warning that members of the FIN7 cybercrime group had been targeting companies in the retail, restaurant, and hotel industries with BadUSB attacks designed to deliver REvil or BlackMatter ransomware.

[6] One intended target was sent a package in the mail which contained a fake gift card from Best Buy as well as a USB flash drive with a letter stating that the recipient should plug the drive into their computer to access a list of items that could be purchased with the gift card.

[8][9] As above, when plugged in, the USB drives emulate a keyboard, and then initiate a series of keystrokes which open a PowerShell window and issue commands to download malware.

At 2, the USB controller which the custom firmware can be flashed to is visible.