Main Menu

    ByteBait USB: a robust simulation toolkit for badUSB phishing campaign

    Citation

    Li, Wenhao and Manickam, Selvakumar and Chong, Yung Wey and He, Yongqing and Ho, Yean Li and Li, Binyong (2025) ByteBait USB: a robust simulation toolkit for badUSB phishing campaign. Journal of King Saud University Computer and Information Sciences, 37 (5). ISSN 1319-1578

    [img] Text
    s44443-025-00067-6.pdf - Published Version
    Restricted to Repository staff only
    Download (3MB)

    Abstract

    Phishing, a prevalent cybercrime using social engineering, threatens individuals and enterprises despite existing protections. This paper addresses BadUSB devices in phishing campaigns, which exploit inherent trust in USB devices to execute malicious actions like keystroke injection. These attacks are particularly dangerous as their malicious code resides in firmware, evading traditional antivirus solutions. While enterprises have adopted phishing awareness training, there remains a significant gap in simulated BadUSB phishing campaigns. Our study employs a multifaceted approach starting with a survey of public awareness and behaviors regarding BadUSB threats. We examine the lifecycle of simulated BadUSB phishing campaigns in enterprise environments, develop a detailed threat model, and propose solutions through ByteBait USB, a comprehensive simulation toolkit. This toolkit features advanced capabilities including long-range communication, motion detection, trajectory tracking, and efficient power management, creating a realistic simulation environment. To our knowledge, this represents one of the first efforts to develop a BadUSB simulation toolkit, complementing existing resources for simulating phishing emails and websites. The proposed toolkit has been validated through real-world simulations, demonstrating its effectiveness in enhancing security awareness against sophisticated USB-based threats.

    Item Type: Article
    Uncontrolled Keywords: BadUSB, HID attack, Simulated phishing attack, Anti-phishing, Phishing awareness, Security education
    Subjects: H Social Sciences > HV Social pathology. Social and public welfare. Criminology > HV7231-9960 Criminal justice administration > HV7431 Prevention of crime, methods, etc.
    Divisions: Faculty of Information Science and Technology (FIST)
    Depositing User: Ms Suzilawati Abu Samah
    Date Deposited: 29 Jul 2025 00:25
    Last Modified: 31 Jul 2025 01:29
    URII: http://shdl.mmu.edu.my/id/eprint/14318

    Downloads

    Downloads per month over past year

    View ItemEdit (login required)

    MMU Institutional Repository is powered by EPrints | Tun Dr. Hasmah Mohd Ali Digital Library | Multimedia University