Microsoft Discovers New Lightweight Backdoor that Steals Cryptocurrency
Microsoft says the worm copies itself through infected USB drives and steals seed phrases, private keys and wallet addresses before sending them through Tor.
- On Thursday, Microsoft detailed a new self-propagating Crypto Clipper worm that spreads via USB drives to steal cryptocurrency credentials by monitoring device clipboards and routing traffic through Tor.
- Infection begins when users open malicious LNK files on USB drives. Microsoft noted, "The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure."
- Every half a second, the malware checks the clipboard for 12- or 24-word BIP39 seed phrases and targets Bitcoin, Ethereum, Tron, and Monero wallet addresses to redirect funds.
- The malware captures five screenshots of the victim's screen every ten seconds and exfiltrates data through a SOCKS5 proxy; connections to "Localhost:9050" signal the campaign.
- Security teams log 54% of successful attacks but alert on only 14%, making behavioral monitoring with EDR and SIEM rules critical to detecting this threat through unusual PowerShell activity.
12 Articles
Microsoft discovers new lightweight backdoor that steals cryptocurrency
Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency credentials, which it then sends to attacker-controlled servers. The company named the worm Crypto Clipper because it monitors the contents of device clipboards for patterns consistent with wallet addresses or seed phrases. When found, the malware also takes five screenshots over a 10-second period. Both the credentials and the…
Microsoft flags 'CryptoBandits' malware draining wallets
Microsoft has flagged a malicious program that has been operating quietly since February and targets Windows machines. The malicious program, dubbed CryptoBandits, can steal seed phrases, keys, and wallets through the Tor network and is transferable via USB drives. In a blog post published on June 17th, Microsoft Threat Intelligence and Microsoft Defender experts exposed a malicious campaign that has been draining crypto wallets without victims…
From Wallet Hijacking To Remote Control: Microsoft Exposes A New Wave Of Crypto Malware Targeting Windows Users
Technology company Microsoft has reported the discovery of a Windows-based cryptocurrency clipper malware campaign that has been targeting users since February 2026. The threat, identified by Microsoft Threat Intelligence and Microsoft Defender Experts, combines clipboard theft, cryptocurrency wallet targeting, and remote access capabilities to steal digital assets and maintain control over compromised systems. The malware is designed to interce…

Coverage Details
Bias Distribution
- 100% of the sources are Center






