USB Thief is a data stealing malware agent that resides on an infected USB device.  ESET has excellent documentation on this new advanced threat.

http://www.darkreading.com/attacks-breaches/dangerous-new-usb-trojan-discovered/d/d-id/1324853

http://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/

‘USB Thief’ could be used for targeted purposes, researchers at ESET say.  The Internet and the growing interconnectedness of networks have made it incredibly easy for threat actors to deliver and propagate malware. But not all cyber threats are Internet-borne.  Take USB Thief, new malware sample that researchers at security firm ESET recently discovered.  As its name implies, the malware is completely USB-borne, meaning it spreads exclusively through devices that plug into the USB port of computers.

This data-stealing Trojan could be used for targeted attacks on systems disconnected from the Internet. Some obvious examples of air-gapped systems that would fall into this category, and that would be of interest to the authors of USB Thief, would be industrial control systems controlling equipment at critical infrastructure facilities including power plants, nuclear facilities, shipyards, and elsewhere.  ESET describes it as very sophisticated, especially for its ability to avoid detection and reverse engineering.

The malware attaches as a plugin or a dynamically linked library (DLL) into the command chain of applications that are typically stored on USB devices, like Firefox, Notepad++, and TrueCrypt, ESET security researcher Tomas Gardon said in the blog post announcing the discovery.

Whenever these applications are executed, the malware runs in the background and steals data without giving users an inkling of what’s going on. Because it exists on a USB stick, the malware leaves no trace of its presence on any computer on which it runs. USB Thief’s real difference, though, lies in its self-protecting capabilities, according to Gardon. For starters, each malware sample is tied directly to the specific USB stick on which it is installed. A sample of USB Thief from one USB will not run if it is copied and pasted on another device.