USB propagation is malware spread through removable drives, flash disks, external hard drives, or other plug-in media. Unlike phishing or internet-based exploits, this method relies on physical movement: an infected device is inserted into another computer, and the malware uses that trusted connection to copy itself, trigger automatically, or lure a user into opening a malicious file.
This matters because USBs can cross security boundaries. They are common in offices, labs, industrial systems, and offline machines where network filtering may not help. Attackers use USB propagation to reach isolated endpoints, while defenders counter it with device control, autorun restrictions, application allowlisting, scanning of removable media, and least-privilege policies. In real incidents, USB-based spread often appears alongside other stealth features, making it harder to detect and contain than a purely network-based infection.



