At Black Hat USA, the security researcher Elie Bursztein demonstrated the dangers of found USB drives. He demonstrated how to create a malicious USB drive with HID (human interface device) that would allow an attacker to control his PC or Mac. The malicious code used by the researcher is a reverse TCP shell that connects back to a server chosen by the attacker. The attacker was able to work even when the victims PC is not connected to the Internet and makes use of a scripting language to avoid detection.”]
Source: https://securityaffairs.co/wordpress/49999/hacking/found-usb-drive-hack.html