Microsoft Sounds Alarm Over Dangerous Crypto Clipper Campaign

U.today
2 hours ago

According to Microsoft’s cybersecurity researchers, there is a new sophisticated cryptocurrency theft campaign.


"CryptoBandits," which is the quirky name of the aforementioned campaign, takes typical "clipper" malware to a whole new level. 


Traditional "clipper" malware has been around for ages. If it detects that you have copied a cryptocurrency wallet address, it swaps it out for the attacker’s address. 



The new malware replaces copied crypto addresses with the attacker's wallet. It spreads via infected USB drives by disguising itself as regular documents. Moreover, communications are routed through a hidden "dark web" Tor network.  




After reaching the victim's computer via a USB drive, the malware searches for common files (like .doc, .pdf, or .xlsx), hides them, and creates malicious shortcut files (.lnk) with the exact same names. Double-clicking the shortcut silently launches the infection.
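A defender-side check for the shortcut trick described above, as an added example (not code from Microsoft or from the original article): it walks a drive and reports every .lnk file that shares its name with a hidden document in the same folder. The function names and the sample file names are assumptions made for this illustration.

```python
import os
import tempfile
from pathlib import Path

DOC_EXTS = {".doc", ".pdf", ".xlsx"}   # the document types the article names
FILE_ATTRIBUTE_HIDDEN = 0x2            # Win32 "hidden" file attribute bit


def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_masquerading_shortcuts(root, hidden=is_hidden):
    """Return sorted (shortcut, document) pairs where a .lnk shares its
    name with a hidden document in the same folder."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        docs = {}
        for f in files:
            p = Path(folder, f)
            if p.suffix.lower() in DOC_EXTS:
                docs[f.lower()] = p                  # matches "report.pdf.lnk"
                docs.setdefault(p.stem.lower(), p)   # matches "report.lnk"
        for f in files:
            p = Path(folder, f)
            if p.suffix.lower() != ".lnk":
                continue
            doc = docs.get(p.stem.lower())
            if doc is not None and hidden(doc):
                findings.append((str(p), str(doc)))
    return sorted(findings)


def demo():
    """Scan a constructed sample drive layout (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("invoice.pdf", "invoice.pdf.lnk", "budget.xlsx",
                     "budget.lnk", "notes.doc", "notes.lnk", "tool.lnk"):
            Path(root, name).write_bytes(b"")
        # Constructed: pretend these two documents carry the hidden attribute.
        marked = {"invoice.pdf", "budget.xlsx"}
        hits = find_masquerading_shortcuts(root, lambda p: Path(p).name in marked)
        return [(Path(s).name, Path(d).name) for s, d in hits]


if __name__ == "__main__":
    print(demo())
```

On Windows, `find_masquerading_shortcuts` can be pointed at the root of a mounted removable drive before anything on it is opened; the default `is_hidden` then reads the real file attribute.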


Then, a portable Tor client gets installed to route all of the malware's internet traffic via a hidden proxy.


It checks the victim's clipboard every half-second for "seed phrases" and replaces the copied address with a similar one (which, of course, is malicious).


What makes it so potent 


Notably, the campaign does not rely on massive installer files that can be easily detected. It actually uses built-in Windows scripting tools, which is exactly why it is so potent. This makes it extremely difficult for antivirus software to catch simply by scanning files. 


How to protect yourself 


PC users have been advised to be USB-cautious, meaning that they should think carefully before sticking unknown flash drives into their computers. One should always double-check addresses and never rely solely on one's clipboard. Finally, one should also take care of one's security tools, making sure that Microsoft Defender remains up to date.

