吴说区块链|6月 19, 2026 03:11
According to WuShuo, the Microsoft Threat Intelligence team and Microsoft Defender experts have discovered a Windows-based crypto clipboard trojan that has been affecting users since February 2026. This malware spreads via malicious .lnk shortcuts, leveraging Windows Script Host and ActiveX to launch a built-in Tor proxy. It polls hidden service C2 servers, enabling it to frequently steal clipboard data, capture screenshots, replace crypto wallet addresses, and exfiltrate mnemonic phrases, private keys, and other information through Tor. Microsoft stated that the trojan also has worm-like propagation capabilities, hiding original files on USB storage devices and creating malicious shortcuts with the same name. It achieves execution and persistence through scheduled tasks. Microsoft Defender Antivirus detects it as Trojan:Win32/CryptoBandits.A.
https://(wublock123.com)/news/microsoft-windows-crypto-clipboard-trojan-tor-usb-worm-propagation-63070
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink