Key facts
- Microsoft has identified malware that spreads via USB.
- The malware targets cryptocurrency transfers.
- It works by swapping copied wallet addresses with attacker-controlled ones before pasting.
- Recommendations include disabling USB AutoRun and blocking .lnk file execution.
- Users are urged to always verify wallet addresses after copying and pasting.
Microsoft has identified a new form of malware that spreads through USB devices and poses a significant risk to cryptocurrency transfers. The malicious software operates by intercepting wallet addresses that users copy to their clipboard. Before a user can paste the address into a transaction, the malware silently replaces it with an address controlled by the attacker. This means that even if a user copies the correct address, the transaction will be sent to the attacker's wallet instead of the intended recipient.
To mitigate this threat, Microsoft recommends several security measures. Users should disable the AutoRun feature for USB devices, which prevents malware from automatically executing when a USB drive is inserted. Additionally, blocking the execution of .lnk (shortcut) files can help prevent the malware from running. Crucially, Microsoft advises all users to meticulously verify cryptocurrency wallet addresses after pasting them, ensuring the address displayed matches the intended recipient's before confirming any transaction.
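One way to check the AutoRun recommendation on a Windows host is to read the `NoDriveTypeAutoRun` Explorer policy value and decode which drive types it covers. This is an added example, not code from Microsoft's guidance; the function names `Get-AutoRunPolicy` and `Set-AutoRunDisabled` are hypothetical, and it does not address the .lnk recommendation.

```powershell
# Added example: audit (and optionally set) the AutoRun policy for USB drives.
# NoDriveTypeAutoRun is a bitmask; each set bit disables AutoRun for one drive type.
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04   # USB flash drives
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutoRunPolicy {
    # A machine-wide (HKLM) value takes precedence over the per-user (HKCU) one.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key   = "${hive}:\$PolicyPath"
        $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $value) {
            # No policy in this hive: the Windows default behaviour applies.
            [pscustomobject]@{ Hive = $hive; Value = '(not set)'; DisabledFor = @()
                               RemovableDisabled = $false; AllDisabled = $false }
            continue
        }
        $disabled = @($DriveTypeBits.GetEnumerator() |
                        Where-Object { $value -band $_.Value } |
                        ForEach-Object { $_.Key })
        [pscustomobject]@{
            Hive              = $hive
            Value             = '0x{0:X2}' -f $value
            DisabledFor       = $disabled
            RemovableDisabled = [bool]($value -band 0x04)
            AllDisabled       = (($value -band 0xFF) -eq 0xFF)
        }
    }
}

function Set-AutoRunDisabled {
    # Requires an elevated session. 0xFF disables AutoRun for every drive type.
    $key = "HKLM:\$PolicyPath"
    # Create the key only if missing; New-Item -Force on an existing key would reset it.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Get-AutoRunPolicy | Format-Table -AutoSize
```

A host where `RemovableDisabled` is false in the effective hive has not applied the AutoRun recommendation for USB drives; `Set-AutoRunDisabled` applies it machine-wide.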