In a surprising revelation, a seemingly ordinary computer mouse, priced at just $44, is capable of breaching system security. Known as Evilmouse, this device masquerades as a regular peripheral but functions as a covert keystroke injector, reminiscent of the Hak5 Rubber Ducky. Its benign appearance allows it to evade basic user awareness training, making it a potent tool for cyber intrusions.
How Evilmouse Operates
Once connected, Evilmouse autonomously executes commands and can deliver reverse shells, operating discreetly without raising alarms. Unlike traditional USB drives that often trigger security protocols, the functional design of this mouse allows it to blend seamlessly into any workspace. Evilmouse cleverly retains the original mouse functionalities through an integrated USB hub, ensuring that standard operations such as cursor movement and button clicks remain unaffected.
Cost-Effective Design
Crafted using inexpensive components, the Evilmouse undercuts the cost of similar devices like the Rubber Ducky, which typically sell for around $100. The materials required for its assembly include a RP2040 Zero microcontroller, an Adafruit 2-Port USB Hub Breakout, and an Amazon Basics Mouse, among others. This affordability democratizes access to hardware implants, whether for legitimate security testing or malicious purposes.
Assembly and Functionality
Constructing the Evilmouse involves modifying the housing of a typical $6 mouse by removing certain internal structures. The RP2040 Zero, equipped with CircuitPython firmware, manages the exploitative tasks. Due to incompatibility with existing scripts, custom code was developed to establish a Windows AV-safe reverse shell. The assembly process requires precision, particularly in soldering and wire routing, to maintain both functionality and stealth.
A demonstration showcased Evilmouse’s capability to establish an admin-level reverse shell on a separate machine within seconds of being plugged into a computer, highlighting its effectiveness. Enhancements such as hidden command prompts and scheduled tasks further increase its persistence, making it a formidable tool against conventional security measures like Windows Defender.
Implications and Countermeasures
Evilmouse serves as a stark reminder of the vulnerabilities associated with Human Interface Devices (HIDs). By emulating trusted peripherals, it exploits the inherent trust in USB’s plug-and-play nature. To mitigate such threats, organizations are advised to implement USB device whitelisting, utilize endpoint detection tools to identify unusual keystroke patterns, and enforce physical port restrictions.
This device offers a cost-effective option for penetration testers seeking alternatives to commercial equipment. Future developments may include enhancements such as faster injection times or remote triggers using programming languages like Rust. For ongoing cybersecurity updates and insights, follow us on Google News, LinkedIn, and X.
