Knocking on the wrong door
According to Trustwave, this affected file is automatically executed when a user plugs the dongle. It’s designed to fire up the default web browser and point it to the dongle’s device management interface.
However, Huawei hasn’t set proper permissions on the file. This enables any authenticated user on the computer to overwrite the file.
Rakhmanov explains that all a malicious user needs to do is to replace the contents of the file with their own malicious code. Now when a user plugs in the dongle, it’ll automatically execute the malicious code.