New lightweight, self-propagating crypto stealing malware delivered by USB spotted by Microsoft researchers
Crypto Clipper script-based stealer hunts for vulnerable wallets
Date:
Mon, 22 Jun 2026 18:15:00 +0000
Description:
Microsoft details a newly discovered wormlike infostealer called Crypto Clipper.
FULL STORY ======================================================================
- Microsoft warns of Crypto Clipper, a worm spreading via malicious .LNK files on USB drives
- Malware maintains persistence, connects to Tor C2, enables remote code execution, and steals clipboard crypto data
- It swaps wallet addresses, exfiltrates seed phrases/private keys, and uploads screenshots to assess target value
Microsoft is warning of an ongoing campaign targeting cryptocurrency owners with a clipboard-jacking worm.
In a new in-depth report published late last week, Microsoft's security researchers explained that they recently analyzed a thumb drive that contained seemingly normal documents (Word files, Excel spreadsheets). However, the documents had been replaced with Windows shortcut (.LNK) files, which actually launched a piece of malware called Crypto Clipper.
This malware does a couple of things. First, it spreads by creating malicious .LNK files on USB drives and other removable media. It also sets up scheduled tasks to maintain persistence and automatically infect newly connected USB devices.
Second, it behaves like a backdoor by regularly contacting a C2 server over the Tor network and receiving commands from the attacker. The server can also send commands to have the malware download and execute attacker-supplied code on the infected system.
Stealing wallet data
Finally, Crypto Clipper acts as a clipboard clipper by monitoring the Windows clipboard for cryptocurrency wallet addresses, seed phrases, and private keys. If it spots a wallet address, it can replace it with a different one, owned by the attackers, so that any tokens sent by the victim go to the attacker instead. It can also steal and exfiltrate copied seed phrases and private keys, which can be used to load a victim's crypto wallet on a separate device.
To help attackers assess the value of a target, the malware periodically captures screenshots of the victim's screen and uploads them through the Tor network.
"This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking," Microsoft said. The combination of Tor-routed C2, clipboard targeting, screenshot capture, and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices.
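For defenders triaging a removable drive, the shortcut-based spreading described above can be checked by reading each .LNK file's target and arguments instead of opening it. The following is an added example, not code from Microsoft's report or from the article: it parses the documented Shell Link (MS-SHLLINK) layout and flags shortcuts that point at a script host. The host list, function names and sample shortcuts are assumptions constructed for illustration.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# Assumed triage list of script hosts; the article does not name the launcher used.
SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript", "mshta", "cmd.exe")

def parse_lnk(data):
    """Return target path and StringData fields of a Shell Link as a dict."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    fields, pos = {}, 76
    if flags & 0x01:  # HasLinkTargetIDList: 2-byte size, then the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:  # HasLinkInfo: 4-byte size that includes itself
        size, _, li_flags, _, lbp_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:  # VolumeIDAndLocalBasePath: NUL-terminated ANSI path
            start = pos + lbp_off
            fields["local_base_path"] = data[start:data.index(b"\0", start)].decode("cp1252", "replace")
        pos += size
    width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")
    for bit, name in ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                      (0x20, "arguments"), (0x40, "icon")):
        if flags & bit:  # each string: 2-byte character count, then the characters
            count = struct.unpack_from("<H", data, pos)[0]
            fields[name] = data[pos + 2:pos + 2 + count * width].decode(codec, "replace")
            pos += 2 + count * width
    return fields

def is_suspicious(fields):
    """Flag shortcuts whose target or arguments reference a script host."""
    keys = ("local_base_path", "relative_path", "arguments")
    text = " ".join(fields.get(k, "") for k in keys).lower()
    return any(host in text for host in SCRIPT_HOSTS)

def build_sample(local_path, arguments=""):
    """Constructed minimal .LNK (header, LinkInfo without VolumeID, arguments)."""
    flags = 0x80 | 0x02 | (0x20 if arguments else 0)
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(76 - 24)
    p = local_path.encode("cp1252")
    body = struct.pack("<7I", 28 + len(p) + 2, 28, 0x01, 0, 28, 0, 28 + len(p) + 1) + p + b"\0\0"
    if arguments:
        body += struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + body

# Constructed samples, not taken from the campaign.
DOC_SHORTCUT = build_sample("E:\\Docs\\Report.docx")
SCRIPT_SHORTCUT = build_sample("C:\\Windows\\System32\\wscript.exe", "E:\\sample.js")
```

A flagged shortcut is a lead for further analysis, not a verdict; the check does not inspect the ID list, so a shortcut with no LinkInfo or relative path is reported only through its arguments.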
Microsoft did not say if the malware targeted any specific countries or regions, nor did it discuss the number of victims.
Via Ars Technica
======================================================================
Link to news story:
https://www.techradar.com/pro/security/new-lightweight-self-propagating-crypto-stealing-malware-delivered-by-usb-spotted-by-microsoft-researchers-crypto-clipper-script-based-stealer-hunts-for-vulnerable-wallets
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)