Windows Users Warned of Crypto Clipper Malware Spreading Via USB Drives
Microsoft has warned Windows users about a cryptocurrency clipper malware spread via USB drives. The malware, which has been affecting users since February, steals clipboard data to extract wallet credentials using 'high-frequency clipboard theft, screenshot exfiltration, and wallet-address substitution,' according to Microsoft.
The crypto clipper hides legitimate files and replaces them with lookalike shortcuts, so victims unknowingly execute malware while a worm component propagates automatically to USB storage devices. This malware is insidious because it is more than just an info stealer: it also functions as a backdoor, meaning that attackers can push and execute arbitrary code on infected machines at any time.
The execution of this clipper is also notable because it does not depend on a traditional installer or exposed IP-based infrastructure. Microsoft researchers said: 'This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking.'
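For defenders triaging a suspect USB drive, the hidden-file-plus-lookalike-shortcut behavior described above can be checked with a short script. The Python below is an added example, not code from Microsoft or the original article; the function names and the sample listing are constructed, and matching a shortcut to a hidden item by name is an assumed heuristic, since the article gives no naming details.

```python
import os
import stat
from pathlib import PureWindowsPath

def find_shortcut_lookalikes(entries):
    """entries: iterable of (name, is_hidden) for ONE directory.
    Returns sorted (shortcut, hidden_item) pairs where a visible .lnk
    carries the same name as a hidden file or folder beside it."""
    hidden, shortcuts = {}, []
    for name, is_hidden in entries:
        p = PureWindowsPath(name)
        if is_hidden:
            # "Report.docx.lnk" and "Report.lnk" can both imitate "Report.docx",
            # so index the hidden item by full name and by stem.
            hidden[name.lower()] = name
            hidden.setdefault(p.stem.lower(), name)
        elif p.suffix.lower() == ".lnk":
            shortcuts.append(name)
    findings = []
    for lnk in shortcuts:
        base = PureWindowsPath(lnk).stem.lower()  # shortcut name without ".lnk"
        if base in hidden:
            findings.append((lnk, hidden[base]))
    return sorted(findings)

def list_entries(directory):
    """Read (name, is_hidden) pairs from a real directory.
    The hidden attribute is only reported on Windows; elsewhere it reads as False."""
    flag = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
    out = []
    with os.scandir(directory) as it:
        for e in it:
            attrs = getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0)
            out.append((e.name, bool(attrs & flag)))
    return out

# Constructed sample: root of a removable drive after the described tampering.
SAMPLE_LISTING = [
    ("Invoices", True), ("Invoices.lnk", False),
    ("Report.docx", True), ("Report.docx.lnk", False),
    ("Setup.lnk", False),   # shortcut with no hidden twin: not flagged
    ("notes.txt", False),
]

if __name__ == "__main__":
    for lnk, original in find_shortcut_lookalikes(SAMPLE_LISTING):
        print(f"suspicious: {lnk} sits beside hidden {original}")
```

On a Windows analysis host, pass `list_entries("E:\\")` (drive letter is a placeholder) to `find_shortcut_lookalikes` instead of the sample listing.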




