Not sure if this threat exists in Linux given Nautilus and similar file managers, but if the attacker can get you to open a file on the USB key (perhaps an innocuous looking symbolic link to an executable shell script?) that could have the same effect.
The use of a silently unencrypted password store in Chrome on Linux is horrible - something like LastPass (http://lastpass.com) would be much safer, though still vulnerable to keyloggers of course. (Windows keyloggers are quite sophisticated these days - the Zeus trojan captures a screenshot near the mouse pointer each time a key is typed, to bypass virtual on-screen keyboards as a defence.)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds