Key facts
- Microsoft discovered a new malware called Crypto Clipper that steals cryptocurrency.
- The malware spreads through malicious shortcut files (.lnk) distributed on USB drives.
Microsoft Discovers Crypto-Stealing Malware Spreading Via USB
IN SHORT
Microsoft has identified a new cryptocurrency-stealing malware, dubbed Crypto Clipper, that spreads through malicious shortcut files on USB drives. The malware monitors clipboards for wallet addresses, replaces them with attacker-controlled ones, and uses Tor for communication.
Key Numbers
February 2026Malware active since
500 millisecondsClipboard monitoring frequency
10 secondsScreenshot capture duration
12- or 24-wordSeed phrase patterns monitored
Who's Involved
Microsoft Threat Intelligence
Discovered and analyzed the Crypto Clipper malware
Microsoft Defender Experts
Assisted in identifying the Crypto Clipper malware
Microsoft Defender for Endpoint
Detects malware components as Suspicious JavaScript process and Possible data exfiltration using Curl
Microsoft Defender Antivirus
Detects the malware as Trojan:Win32/CryptoBandits.A
↳ Why This Matters
This sophisticated malware poses a significant threat to cryptocurrency users by actively stealing funds and maintaining a persistent backdoor on infected systems, highlighting the evolving tactics of cybercriminals in targeting digital assets.