USB Shortcut Malware Spreads Crypto Wallet Theft and Remote Access

Microsoft has issued a warning about a new malware threat that targets Windows users through USB shortcut infections. This crypto malware, detected by Microsoft's security research team and response group, has been active since February.

The attack begins with malicious Windows shortcut files found on USB drives, which hide real documents and create fake shortcuts with the same file names. Once opened, the malware monitors the clipboard for 12-word and 24-word seed phrases, Ethereum private keys, Bitcoin private keys, and wallet addresses that are copied there.

The malware can also replace a copied crypto address with an attacker-controlled one before a transaction is sent, giving the attackers more information about wallets, balances, and even opened apps. As Microsoft said, this tool can receive new commands from attackers, making it more than a basic crypto wallet stealer.