What are the odds you buy an USB device and it has a payload on it? I have been learning about this and it’s an interesting an often overlooked topic. If buy you something off ebay for instance, supposedly new, but it’s known there are chinese knockoffs.. what are the odds that they are not only after money by selling knockoffs of a known brand, but also while you are at it install a payload on the chips? Is there a way to guarantee that a hardware you bought is really a real device from the advertised brand?
Simple answer is that you buy from a reputable retailer and brand and pay the price or close to it that the manufacturer advertises themselves. I never take risks with external drives I am buying.
However, I do believe reformatting it on your OS would or should also remove anything that may be on it. But I am not an expert on this albeit that’s what I often do with new or emppty drives before using them.
Payload is usually OS specific… Wont stop them from using a some sort of multiOS payload dropper but those are complex and expensive to develop to have an ongoing availability.
The low hanging fruit is usually Windows:
“Who uses Linux or Mac these days? Linux is only about 5% of the desktop out there.”