👉 I am using my Samsung S7 to install a Remote Administration Tool (Metasploit RAT) just by plugging it into the laptop and triggering my script, which automatically backdoors the machine.
👉 How it works:
Once my smartphone is plugged into the laptop, it behaves as a HID device (simply put, a keyboard) that types in all my commands: download the RAT from my server, ignore the Windows Defender warning and launch it. As a result, I achieved a reverse shell on my other Android device, which allows me to control the laptop.
👉 How to prevent this scenario:
1) Don’t let anyone charge their smartphone from your PC
2) Use security software that will detect the Metasploit payload
3) A USB condom (data blocker) should help
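
For defenders, the behaviour described above (a newly attached keyboard that immediately types a long run of commands) can also be caught by timing. The sketch below is an added example, not part of the original post: it assumes a hypothetical endpoint agent that records when a new keyboard-class device attaches and the timestamp of each keystroke, and the thresholds and sample data are constructed for illustration.

```python
from statistics import median

# Heuristic thresholds (assumptions for this example; tune per environment).
BURST_PAUSE_MS = 500        # a pause this long ends a burst
MIN_KEYS = 15               # ignore short bursts
MAX_MEDIAN_GAP_MS = 20      # people rarely sustain < 20 ms between keys
ARRIVAL_WINDOW_MS = 10_000  # burst must start soon after a keyboard attaches


def split_bursts(key_times):
    """Group sorted keystroke timestamps (ms) into bursts separated by pauses."""
    bursts, current = [], []
    for t in key_times:
        if current and t - current[-1] > BURST_PAUSE_MS:
            bursts.append(current)
            current = []
        current.append(t)
    if current:
        bursts.append(current)
    return bursts


def suspicious_bursts(keyboard_arrivals, key_times):
    """Return (arrival_ms, burst_start_ms, key_count, median_gap_ms) for each
    machine-speed burst that begins shortly after a new keyboard appears."""
    findings = []
    for burst in split_bursts(sorted(key_times)):
        if len(burst) < MIN_KEYS:
            continue
        gap = median(b - a for a, b in zip(burst, burst[1:]))
        if gap > MAX_MEDIAN_GAP_MS:
            continue
        recent = [a for a in keyboard_arrivals
                  if 0 <= burst[0] - a <= ARRIVAL_WINDOW_MS]
        if recent:
            findings.append((max(recent), burst[0], len(burst), gap))
    return findings


# Constructed sample data (timestamps in ms), not captured from a real host.
HUMAN = [1000 + i * 140 + (i % 3) * 35 for i in range(40)]  # 70-175 ms gaps
ARRIVALS = [60_000]                                         # new HID keyboard
INJECTED = [61_500 + i * 5 for i in range(120)]             # 5 ms gaps

if __name__ == "__main__":
    for f in suspicious_bursts(ARRIVALS, HUMAN + INJECTED):
        print("keyboard at %d ms, burst at %d ms: %d keys, median gap %s ms" % f)
```

A finding here is a signal to lock the session or alert, and it complements rather than replaces the three measures listed above.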