Malware spotlight: Juice jackers

January 27, 2020 by Greg Belding

Introduction

“Juice jacker” is a term for any number of malware and malware families that infect unsuspecting mobile devices plugged into public USB charge ports — you know, the ones that are sprinkled throughout most major airports and public venues. This type of malware provides a good illustration of how risk is at the heart of information security, and it is more dangerous than its largely hardware-centered cousin.

This article will detail the juice jacker type of malware. We’ll explore what juice jackers are, how they differ from the hardware type of juice jackers, how the malware type of juice jackers work, how juice jackers affect the real world, and how this type of malware can be thwarted.

What are juice jackers?

Imagine being in a major airport. After the hustle and bustle of checking in to your flight, you realize you forgot to fully charge your mobile device. Worse, it is currently at 5% battery power and you left your USB charger at home. Like most, you may opt to use one of the free USB charging stations that are all over the airport.

However, this may prove to be the death knell of your mobile device. Public USB chargers can be loaded with malware waiting to sink its proverbial teeth into your device.

A juice jacker is a catch-all type of malware that includes all malware loaded onto public USB charging stations. Whether the malware is a backdoor, banking Trojan or keylogger, this type of malware has one goal: to steal information and install malware that will further the goal and establish a presence on the device. This differs from the hardware type of juice jackers, which will be discussed below.

It should also be noted that while some consider juice jacking merely a type of attack, malware plays such a big role in how juice jacking works that it should not be overlooked as an emerging type of malware.

Authorities have recently issued warnings about using public USB power charging stations that are commonly seen in airports, hotels and other public locations due to this threat. While simply charging your mobile devices before traveling will help you avoid falling prey to juice jackers, the temptation of on-the-go charging capability in public locales is nearly ever present.

Two types of juice jacking

The juice jacking type of malware needs to be distinguished from its hardware-based counterpart, as mentioned above. The original form of juice jacking involved cybercriminals replacing legitimate USB chargers with ones that have information-stealing capabilities similar to credit card skimmers. Many lose sight of the fact that their mobile device (most commonly a smartphone) is loaded with personal information, including login credentials and banking information.

Later versions of hardware juice jackers use USB cables that are preloaded with information-stealing capabilities. Exposure to this type of juice jacking is limited to the time the device is plugged into the juice-jacking charger. Much like its malware counterpart, relatively simple and reasonable security measures can foil this threat.

The malware type of juice jacker is much more dangerous and approaches attacks much the way malware that targets Windows systems does. This often means a slow, gradual process of infecting a system or device. This slow approach means that the user is unaware of the presence of the threat as it unfolds.

How do juice jackers work?

Juice jackers infect mobile devices when the user simply plugs them into an infected USB charger. There is no one method to the juice jacker malware madness: rather, any number of different sub-types of malware can qualify as juice jackers, along with their different techniques of stealing information, because it is the attacker’s intent that really carries the day here. In proposed infection scenarios, the longer the device is plugged into the USB port, the more malware will be installed on it.

Interestingly, the Los Angeles County District Attorney’s Office, which released the warning about juice jackers, stated that there have been no reported cases of this type of malware attack. This should be thought of from a different angle: namely, that you would not know whether you are infected until arguably long after you used the infected charger, much like how you may not know which website your Windows system picked up malware on. All that matters is that it is indeed infected.

What is the impact on the real world?

Juice jackers impact the real world because, let’s face it, public USB charging port kiosks are very tempting when your mobile device battery power is drained. This temptation even has an effect on information security professionals.

In past years at the DefCon hacking conference, the Wall of Sheep ran a demonstration to prove a point about this. It was a public USB charging station that issued a warning about using public USB charging services and claimed that it was not like those other risky public USB charging stations. Those who used it ended up having their login credentials projected onto a wall in the convention venue.

How can juice jackers be thwarted?

Juice-jacking malware can be avoided in many easy ways.

First, always bring both your own mobile device charger and USB cord. In case you find yourself out there without one, there are two measures you can take to prevent this malware from entering your device: locking the device with a simple passcode or facial recognition will prevent this type of malware, as will charging the device while it is powered down.

Conclusion

Juice jacker malware is aimed at stealing personal information and other resources from mobile devices. This malware is loaded onto public USB charging stations and can infect devices when they are simply plugged in. Luckily, simple information security measures coupled with an iota of cybersecurity awareness can stop this type of malware in its tracks.


Sources

  1. November 8, 2019: ‘Juice Jacking’ Criminals Use Public USB Chargers to Steal Data, Los Angeles County District Attorney’s Office
  2. What Is “Juice Jacking”, and Should I Avoid Public Phone Chargers?, How-To Geek
  3. Juice Jacking, Wall of Sheep
  4. Beware of Juice-Jacking, Krebs on Security
  5. Explained: juice jacking, Malwarebytes
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.