New Crypto-Stealing Malware in the Wild, Microsoft Warns: Details

U.today

Microsoft has issued a warning about cryptocurrency-stealing malware that has been active since at least February 2026 and poses a serious threat to crypto holders and anyone handling digital assets.


According to Microsoft Threat Intelligence, the malware, detected as Trojan/CryptoBandits, combines several attack vectors in a single application. It spreads via infected USB drives, and the sensitive information it steals is sent to the attackers over the Tor network, which hides where the data is going.




The infection typically starts when a victim opens a malicious Windows shortcut (.LNK) file stored on a USB drive. Once executed, the malware scans the system for common document types such as PDF, DOC, and XLSX files. It then hides the legitimate files and replaces them with malicious shortcuts carrying identical names, increasing the likelihood that additional users will unknowingly trigger the malware.
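The decoy technique described above leaves a recognisable trace on the drive: a visible `.lnk` file sitting next to a hidden document with the same name. The following script is an added example, not code from the article or from Microsoft; it scans a directory for that pairing so a responder can triage a USB drive. The document-extension list and the sample directory listing are assumptions constructed for illustration.

```python
from __future__ import annotations

import os
import stat
import sys
from typing import Iterable

# Document types the article says the malware hides and mimics; the exact list
# is an assumption and can be extended for a given environment.
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def is_hidden(entry: os.DirEntry) -> bool:
    """True if the entry carries the Windows hidden attribute or is a dotfile."""
    if entry.name.startswith("."):
        return True
    st = entry.stat(follow_symlinks=False)
    attrs = getattr(st, "st_file_attributes", 0)  # only present on Windows
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_lnk_decoys(entries: Iterable[tuple[str, bool]]) -> list[dict]:
    """Flag visible shortcuts that shadow a hidden document of the same name.

    entries: (file name, is_hidden) pairs for one directory.
    Two layouts are covered: "report.pdf.lnk" beside hidden "report.pdf"
    (Explorer never shows the .lnk suffix) and "report.lnk" beside hidden
    "report.pdf" (when known extensions are hidden as well).
    """
    lower = {name.lower(): (name, hidden) for name, hidden in entries}
    findings = []
    for lname, (name, hidden) in lower.items():
        if hidden or not lname.endswith(".lnk"):
            continue
        stem = lname[:-4]
        candidates = [stem] if os.path.splitext(stem)[1] in DOC_EXTENSIONS else []
        candidates += [stem + ext for ext in DOC_EXTENSIONS]
        for cand in candidates:
            if cand in lower and lower[cand][1]:
                findings.append({"shortcut": name, "hidden_original": lower[cand][0]})
                break
    return findings


def scan_directory(path: str) -> list[dict]:
    """Walk a real directory (e.g. a mounted USB drive) and report decoy pairs."""
    results = []
    for root, _dirs, _files in os.walk(path):
        with os.scandir(root) as it:
            entries = [(e.name, is_hidden(e)) for e in it if e.is_file()]
        for hit in find_lnk_decoys(entries):
            hit["directory"] = root
            results.append(hit)
    return results


# Constructed sample listing: two decoy pairs, one plain file, one harmless shortcut.
SAMPLE_ENTRIES = [
    ("Quarterly report.pdf", True),
    ("Quarterly report.pdf.lnk", False),
    ("notes.docx", True),
    ("notes.lnk", False),
    ("readme.txt", False),
    ("legit.lnk", False),
]

if __name__ == "__main__":
    hits = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else find_lnk_decoys(SAMPLE_ENTRIES)
    for hit in hits:
        print(f"decoy shortcut {hit['shortcut']!r} shadows hidden {hit['hidden_original']!r}")
```

Run it with the mount point of a suspect drive as the first argument; without an argument it evaluates the constructed sample. The check is deliberately name-based so it works on an image mounted on a Linux analysis box as well as on Windows, where the hidden attribute is read directly.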


At the core of the operation is a 'clipper' component designed to monitor clipboard activity. Every 500 milliseconds, the malware checks copied content for cryptocurrency wallet addresses, private keys, and recovery phrases. When it detects a wallet address, it silently replaces it with an attacker-controlled alternative. Every copy-and-paste operation turns into a direct opportunity for hackers to easily swap the address you are withdrawing your funds to. 




Microsoft says the malware targets multiple cryptocurrency ecosystems, including Bitcoin, Ethereum, Tron, and Monero. It also searches for 12- and 24-word BIP39 seed phrases, which can provide complete access to a victim's wallet. Stolen data is then transmitted through the Tor network in order to avoid any tracing that could lead law enforcement to the hackers' real addresses or locations.
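The clipper behaviour described two paragraphs above, together with the list of targeted chains here, can be turned into a simple defensive check: record what the user actually copied and alert when a later clipboard read returns a different wallet address. The script below is an added example, not code from the article or from Microsoft. The address patterns are format checks only (no checksum validation), the event stream stands in for a real clipboard poll, and every address in the sample is a constructed placeholder rather than a real wallet.

```python
import re
from typing import Optional

# Format patterns for the chains the article names. Assumption: format-level
# matching is enough for an alert; checksums are not validated here.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{25,87})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "tron": re.compile(r"^T[1-9A-HJ-NP-Za-km-z]{33}$"),
    "monero": re.compile(r"^[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the chain whose address format the text matches, else None."""
    text = text.strip()
    for chain, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return chain
    return None


def detect_swaps(events) -> list[dict]:
    """Compare user copies against later clipboard reads.

    events: (source, text) pairs in time order. source is "user" for text the
    user deliberately copied and "clipboard" for a periodic read of the clipboard.
    An alert is raised when the user copied a wallet address and a later read
    returns a different wallet address without a new user copy in between.
    """
    last_user = None
    alerts = []
    for source, text in events:
        if source == "user":
            last_user = text
            continue
        if last_user is None or text == last_user:
            continue
        expected = classify_address(last_user)
        observed = classify_address(text)
        if expected and observed:
            alerts.append({"chain": observed, "copied": last_user, "pasted": text})
    return alerts


# Constructed event stream: one silent Ethereum swap, one benign non-address
# copy, and one Bitcoin swap. None of these strings is a real address.
SAMPLE_EVENTS = [
    ("user", "0x" + "a" * 40),
    ("clipboard", "0x" + "a" * 40),   # unchanged, no alert
    ("clipboard", "0x" + "b" * 40),   # replaced behind the user's back
    ("user", "meeting at 3pm"),
    ("clipboard", "meeting at 3pm"),
    ("user", "1" + "A" * 33),
    ("clipboard", "1" + "B" * 33),    # replaced again
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_EVENTS):
        print(f"{alert['chain']} address changed in clipboard: "
              f"copied {alert['copied'][:10]}..., found {alert['pasted'][:10]}...")
```

To use this against a live clipboard, feed `detect_swaps` a "user" event from the application that performed the copy and a "clipboard" event from each poll of the system clipboard; the comparison logic itself does not depend on the platform. It alerts on any address-to-address change, not only same-chain ones, since an unexplained change is suspicious either way.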


Beyond cryptocurrency theft, researchers found that the malware can capture screenshots and execute attacker-supplied code remotely. Essentially, it installs a backdoor on your system that is designed to steal data and access cryptocurrency wallets or even exchange accounts containing your assets. 


The use of a bundled Tor client, scheduled tasks for persistence, and worm-like USB propagation makes the campaign particularly difficult to detect and disrupt. Microsoft advises users to verify wallet addresses before sending transactions, avoid opening unknown shortcut files, and remain cautious when using removable media devices.

