Key facts
- Microsoft has identified malware that targets cryptocurrency transfers.
- The malware spreads via USB drives.
- It intercepts copied cryptocurrency wallet addresses.
- The malware replaces copied addresses with attacker-controlled ones.
- This occurs before the user pastes the address.
- Microsoft advises disabling USB AutoRun.
- Microsoft advises blocking .lnk file execution.
- Users are advised to always verify wallet addresses before pasting.

Microsoft has issued a warning regarding new malware capable of hijacking cryptocurrency transfers. This malware spreads through USB drives and operates by stealthily replacing a user's copied cryptocurrency wallet address with an attacker-controlled address just before it is pasted. This technique, often referred to as "cryptojacking," allows malicious actors to divert funds intended for legitimate transactions into their own wallets.

The company advises users to take specific precautionary measures to protect themselves from this threat. These recommendations include disabling the USB AutoRun feature on their devices, which prevents automatic execution of programs when a USB drive is inserted. Additionally, Microsoft suggests blocking the execution of .lnk files, a type of shortcut file that can be used to launch malicious code. A critical step for users is to always verify the wallet address on the clipboard before completing any cryptocurrency transaction, ensuring it matches the intended recipient's address. This proactive verification can prevent funds from being sent to an incorrect, attacker-controlled destination.
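
The clipboard verification step described above can be done as a full-string comparison instead of a visual check. The following Python is an added example, not code from Microsoft or from the original page; the function names and the sample address strings are constructed for illustration (they are not valid addresses), and it assumes a user's visual check covers only the first and last few characters.

```python
def normalize(addr: str) -> str:
    """Drop whitespace and non-printable characters (e.g. zero-width spaces)
    that copy/paste can add around or inside an address."""
    return "".join(ch for ch in addr if ch.isprintable() and not ch.isspace())


def first_difference(a: str, b: str) -> int:
    """Index of the first differing character, or -1 if the strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


def check_clipboard(intended: str, clipboard: str, edge: int = 4) -> str:
    """Compare the address the user meant to copy with the clipboard content.

    Returns "match", "lookalike" (same first/last `edge` characters but a
    different body, so checking only the ends would miss it) or "replaced".
    The comparison is case-sensitive (assumption: the address format is too).
    """
    want, got = normalize(intended), normalize(clipboard)
    if not want:
        raise ValueError("intended address is empty")
    if want == got:
        return "match"
    same_ends = (len(want) > 2 * edge and len(got) > 2 * edge
                 and want[:edge] == got[:edge] and want[-edge:] == got[-edge:])
    return "lookalike" if same_ends else "replaced"


# Constructed sample strings, not real wallet addresses.
INTENDED = "bc1qexampleonly0000000000000000000000k7xm"
LOOKALIKE = "bc1qexam9999999999999999999999999999k7xm"
OTHER = "bc1qzzzzonly1111111111111111111111111aaaa"

if __name__ == "__main__":
    for label, clip in [("clean", INTENDED + "\n"), ("lookalike", LOOKALIKE),
                        ("other", OTHER)]:
        verdict = check_clipboard(INTENDED, clip)
        pos = first_difference(normalize(INTENDED), normalize(clip))
        print(f"{label:10s} verdict={verdict:9s} first_difference={pos}")
```

The intended address should come from a source the clipboard cannot alter, such as a saved address book entry or a value read from a second device.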