Microsoft Warns of USB-Spread Malware Targeting Crypto Wallets
A new 'Crypto Clipper' malware spreading via USB drives can steal your funds and hijack your device, Microsoft says.
If you've been plugging random USB drives into your computer, now is a really good time to stop. Microsoft has sounded the alarm on a nasty piece of malware dubbed 'Crypto Clipper' that spreads through USB drives and specifically targets cryptocurrency users — the kind of threat that can quietly drain your digital wallet before you even notice something's wrong.
So what exactly does a Crypto Clipper do? In plain terms, it watches your clipboard — that temporary storage your device uses when you copy and paste text. When you copy a crypto wallet address to send funds, the malware swaps it out for a different address controlled by the attacker. You think you're sending Bitcoin (or any other coin) to your intended recipient, but you're actually handing it straight to a thief. It's a sleek, low-effort attack that exploits a very human habit: nobody actually reads those long, jumbled wallet addresses.
Read more JP Morgan Warns Tax Uncertainty Is Shaking Up Wealth Plans →
What makes this particular strain especially alarming, according to Microsoft, is that it doesn't stop at simple theft. The malware combines data-stealing capabilities with remote code execution, which Microsoft described as "turning a financially motivated stealer into a lightweight backdoor." In other words, hackers don't just grab your crypto and run — they can potentially maintain ongoing access to your machine, opening the door to further damage well beyond your wallet.
The USB delivery method is a classic social-engineering trick that's making a comeback. Unlike phishing links or sketchy downloads, a physical drive can bypass a lot of standard online security filters. All it takes is one curious plug-in — maybe from a drive left on a desk or handed to you casually — and the malware silently gets to work. The lesson here is straightforward: treat unknown USB drives the way you'd treat a mysterious package left on your doorstep.
To protect yourself, always double-check crypto wallet addresses character by character before hitting send, avoid plugging in unfamiliar USB devices, and keep your antivirus software current. The cost of one moment of carelessness in crypto can be permanent — there's no bank to call for a reversal. Continue reading at Cointelegraph.
