1 storiesAI & TechnologyAI agents & autonomous systemsAI safety & alignmentAI ethics, bias & hallucination

Microsoft Discovers Crypto-Stealing Malware Spreading Via USB

21 Jun · 9:00 AMwindow 24h

IN SHORT

Microsoft has uncovered a new malware strain named Crypto Clipper that targets cryptocurrency users by spreading through malicious shortcut files on USB drives. This malware operates by monitoring a user's clipboard for cryptocurrency wallet addresses. Once detected, it replaces the legitimate address with one controlled by the attackers, thereby diverting funds. The malware also utilizes the Tor network to establish communication channels, making it harder to trace its origins and activities.

Who's Involved

Microsoft

company that discovered the Crypto Clipper malware

Key facts

Microsoft has discovered a new malware strain.
The malware is named Crypto Clipper.
Crypto Clipper targets cryptocurrency.
The malware spreads via malicious shortcut files on USB drives.
It monitors clipboards for cryptocurrency wallet addresses.
It replaces legitimate wallet addresses with attacker-controlled ones.
The malware uses the Tor network for communication.

Microsoft has discovered a new cryptocurrency-stealing malware, identified as Crypto Clipper, which is being distributed via malicious shortcut files on USB drives. This malware is designed to compromise cryptocurrency transactions by actively monitoring a user's clipboard. When a cryptocurrency wallet address is detected, Crypto Clipper replaces the legitimate address with an attacker-controlled address. This malicious substitution ensures that any funds intended for the user are instead sent to the attackers. To maintain stealth and evade detection, the malware employs the Tor network for its communication infrastructure. This allows it to communicate with its command-and-control servers anonymously, making attribution and disruption efforts more challenging for cybersecurity professionals.

Frequently asked questions

Crypto Clipper spreads through malicious shortcut (.lnk) files that are distributed on USB storage devices. When an infected USB is plugged in, these shortcuts can execute the malware.

The malware monitors the clipboard for cryptocurrency wallet addresses and seed phrases. It steals these by replacing copied addresses with attacker-controlled ones and also captures screenshots.

It uses a portable Tor client and a SOCKS5 proxy to establish anonymous communication with a hidden-service command-and-control server, making it difficult to trace.

Strong indicators include script interpreters spawning suspicious child processes, localhost:9050 proxy usage, screen-capture commands in PowerShell, and signs of clipboard inspection or crypto-address replacement.

What Happens Next

Key facts

Microsoft has discovered a new malware strain.

The malware is named Crypto Clipper.

Crypto Clipper targets cryptocurrency.

The malware spreads via malicious shortcut files on USB drives.

It monitors clipboards for cryptocurrency wallet addresses.

It replaces legitimate wallet addresses with attacker-controlled ones.

The malware uses the Tor network for communication.

Frequently asked questions

Crypto Clipper spreads through malicious shortcut (.lnk) files that are distributed on USB storage devices. When an infected USB is plugged in, these shortcuts can execute the malware.

The malware monitors the clipboard for cryptocurrency wallet addresses and seed phrases. It steals these by replacing copied addresses with attacker-controlled ones and also captures screenshots.

It uses a portable Tor client and a SOCKS5 proxy to establish anonymous communication with a hidden-service command-and-control server, making it difficult to trace.

Microsoft Discovers Crypto-Stealing Malware Spreading Via USB

Who's Involved

Key facts

Frequently asked questions

What Happens Next

Microsoft Discovers Crypto-Stealing Malware Spreading Via USB

Who's Involved

Key facts

Frequently asked questions

What Happens Next

Get the newsletter.

All stories in this theme

Microsoft Discovers Crypto-Stealing Malware Spreading Via USB

PiQ Daily

Who's Involved

Key facts

Frequently asked questions

+ How does Crypto Clipper spread?

+ What does Crypto Clipper steal?

+ How does Crypto Clipper communicate with attackers?

+ What are the indicators of infection?

What Happens Next

Microsoft Discovers Crypto-Stealing Malware Spreading Via USB

PiQ Daily

Who's Involved

Key facts

Frequently asked questions

+ How does Crypto Clipper spread?

+ What does Crypto Clipper steal?

+ How does Crypto Clipper communicate with attackers?

+ What are the indicators of infection?

What Happens Next

Get the newsletter.

All stories in this theme