Hackers from FIN7 cybercriminal group have been targeting various businesses with malicious USB devices acting as a keyboard when plugged into a computer. Injected commands download and execute a JavaScript backdoor associated with this actor. The FBI warns organizations and security professionals about this tactic adopted by FIN7 to deliver GRIFFON malware. The attack is a variation of the lost USB ruse that penetration testers have used for years in their assessments quite successfully and one incident was analyzed by researchers at Trustwave.
Source: https://www.bleepingcomputer.com/news/security/fbi-hackers-sending-malicious-usb-drives-and-teddy-bears-via-usps/