Microsoft found malware that hijacks crypto wallets and spreads through USB sticks
The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows clipboard and inserts its own destination wallet addresses when it detects a transfer.
Summary
- The malware, dubbed a “crypto clipper,” has been spreading via infected USB drives to target Windows users’ crypto wallets since February, according to Microsoft.
- Once installed through a malicious .lnk shortcut file, the worm known as Trojan:Win32/CryptoBandits monitors the clipboard for seed phrases, private keys and recipient addresses, exfiltrates data over the Tor network, and can silently swap in attacker-controlled wallet addresses.
- The malware propagates by replacing documents on clean USB drives with identically named shortcuts.
- Microsoft urged users to disable AutoRun, block .lnk execution on USB media, restrict script hosts and check networks against published indicators of compromise.
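
A defender-side triage check for the propagation behaviour in the summary, added here as an example and not taken from Microsoft's report: it walks a mounted USB volume and reports shortcut files that pose as documents. The document extension list and the reason labels are assumptions, since the article does not say which file types are replaced.

```python
from pathlib import Path

# Assumption: which file types count as "documents"; the article does not list them.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}
# First 20 bytes of every Shell Link (.lnk) file: HeaderSize 0x4C, then LinkCLSID.
LNK_HEADER = bytes.fromhex("4c0000000114020000000000c000000000000046")


def is_shell_link(path: Path) -> bool:
    """Confirm the file really is a shortcut by checking its header bytes."""
    try:
        with path.open("rb") as fh:
            return fh.read(len(LNK_HEADER)) == LNK_HEADER
    except OSError:
        return False


def scan_volume(root: str) -> list[tuple[str, str]]:
    """Return (relative path, reason) for every real shortcut under root."""
    findings = []
    base = Path(root)
    for path in sorted(base.rglob("*")):
        if not path.is_file() or path.suffix.lower() != ".lnk":
            continue
        if not is_shell_link(path):
            continue  # named .lnk but not a Shell Link, so Explorer cannot launch it
        rel = path.relative_to(base).as_posix()
        stem = path.stem  # file name with the trailing ".lnk" removed
        if Path(stem).suffix.lower() in DOC_EXTS:
            # Explorer never displays ".lnk", so "report.pdf.lnk" shows as "report.pdf".
            reason = "double-extension"
        elif any(p.is_file() and p.stem == stem and p.suffix.lower() in DOC_EXTS
                 for p in path.parent.iterdir()):
            reason = "shadows-document"  # same visible name as a document beside it
        else:
            reason = "plain-shortcut"    # still worth review on removable media
        findings.append((rel, reason))
    return findings


if __name__ == "__main__":
    import sys
    for rel, reason in scan_volume(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:18} {rel}")
```

Run it against the drive's mount point or drive letter from a machine where shortcut execution on USB media is already blocked; it only reads file names and the first 20 bytes of each candidate.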

