All USB devices have a microprocessor that provides a “class code” to tell the host device what it is. For the attack you describe to target a PC…, We rewrite the code on the microprocessor to identify our usb drive as a keyboard and then play a script to stream a load of keystrokes. A sample use might be to…. Disable windows defender and then pull and execute some malware from a web resource.

It’s similar for a juicejacking attack on a phone.