A popular Christmas gift sold at chain store Typo has caught the attention of IT security experts because of the software installed on it.
The LED name badge can be programmed to display any message you want, but hidden software installed on the device could open up your PC to overseas hackers.
The vulnerability gives hackers access to your personal photos, credit card information - or even worse, hackers may demand money in return for unblocking access to your own files.
"It may be for the purposes of downloading ransomware, which essentially encrypts your hard drive unless you pay the attacker a set of money in order to get your files back," says tech expert Simon McCash.
This particular software is extra tricky as it attaches itself to essential parts of the computer's code, making it harder to detect and delete.
So, how did the malicious software get in to a product that was then sold across the country?
"It could be an individual in the factory making the LED, or it could be a corporation overseas it's hard to tell - they'll be doing it en mass to try get as many people as possible," Mr McCash says.
In a statement on Monday afternoon, Typo said they had recently become aware of the issue with the badges and customers can download the fixed software from their website rather than from the USB stick.
However the original USB stick, with the corrupted files, is still included with the product, and at no point during the three times Newshub purchased the item were we told not to use the USB stick to install the software.
As of Monday evening, the LED message badge remains on sale.
Newshub.
