Security researchers at Microsoft have identified a malicious campaign targeting cryptocurrency users through removable storage devices. The malware, known as a 'Crypto Clipper,' is designed to intercept and swap digital wallet addresses stored in the clipboard, diverting funds to attacker-controlled accounts during transactions.
Beyond its primary function as a financial thief, the malware possesses advanced capabilities. Microsoft noted that the software allows for remote code execution, effectively transforming what appears to be a simple wallet-drainer into a persistent backdoor that grants hackers deeper access to compromised Windows systems.
The infection vector relies on physical USB drives to propagate, making it a persistent threat in environments where external hardware is frequently exchanged. Once plugged into a workstation, the malware automates its execution to monitor user activity and system processes in the background.
To mitigate the risk, security experts are urging users to exercise extreme caution when connecting untrusted flash drives to their devices. Disabling 'AutoRun' features and maintaining updated antivirus software remain the most effective defenses against this evolving strain of cryptojacking software.
