
Microsoft Flags 'Crypto Clipper' Malware Spreading via USB Drives

A newly identified malware strain combines cryptocurrency theft with remote access capabilities, Microsoft warns, marking an escalation in USB-borne threats.

Microsoft has issued a warning about a sophisticated piece of malicious software dubbed 'Crypto Clipper,' which spreads through USB drives and poses a compounded threat to users by merging two distinct attack categories into a single payload. The discovery signals a notable evolution in how financially motivated cybercriminals are packaging their tools.

At its core, the malware operates by intercepting cryptocurrency wallet addresses copied to a user's clipboard — a classic 'clipper' technique — and silently substituting them with addresses controlled by the attacker. This means any crypto transaction a victim believes they are sending to a legitimate recipient can be quietly redirected without obvious indication of tampering.
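To make the clipper technique concrete from the defender's side, the following is an added example written for this article, not code from Microsoft or from the Cointelegraph report. It models the substitution step described above as a sequence of clipboard snapshots and flags the tell-tale pattern: one wallet address replaced by a different address of the same kind within a fraction of a second, far faster than a person re-copying. The address patterns, the timing threshold and the clipboard log are assumptions constructed for illustration; the Base58Check validation is the standard Bitcoin legacy-address check.

```python
"""Clipboard-swap detector modelling the 'clipper' technique.

Added example for this article (not Microsoft's or Cointelegraph's code).
Address patterns, the 1.5 s threshold and SAMPLE_LOG are assumptions.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rough shape of two address families clippers commonly target (assumed).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(text: str) -> Optional[bytes]:
    """Decode Base58; return None if a character is outside the alphabet."""
    value = 0
    for ch in text:
        digit = B58_ALPHABET.find(ch)
        if digit < 0:
            return None
        value = value * 58 + digit
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    leading = len(text) - len(text.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    return b"\x00" * leading + body


def is_valid_btc_legacy(addr: str) -> bool:
    """Base58Check: 1 version byte + 20-byte hash + 4-byte double-SHA256 checksum."""
    raw = b58decode(addr)
    if raw is None or len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def classify(text: str) -> Optional[str]:
    """Return the address family the clipboard text looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


@dataclass
class ClipEvent:
    t_ms: int       # time the clipboard changed, in milliseconds
    content: str    # new clipboard text


def detect_swaps(events: List[ClipEvent], max_gap_ms: int = 1500) -> List[Tuple[str, str, int]]:
    """Flag address-to-address rewrites that happen faster than a human would re-copy.

    Returns (original, replacement, gap_ms) for each suspicious change.
    """
    alerts = []
    for prev, cur in zip(events, events[1:]):
        kind = classify(prev.content)
        if kind is None or kind != classify(cur.content):
            continue                      # not an address, or a different asset
        if cur.content.strip() == prev.content.strip():
            continue                      # same address re-copied: harmless
        gap = cur.t_ms - prev.t_ms
        if gap <= max_gap_ms:
            alerts.append((prev.content.strip(), cur.content.strip(), gap))
    return alerts


# Constructed clipboard log (assumed data). The first BTC address is the
# well-known genesis-block address; the second stands in for an attacker's.
SAMPLE_LOG = [
    ClipEvent(0, "meeting notes for Tuesday"),
    ClipEvent(5_000, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),   # user copies recipient
    ClipEvent(5_120, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),   # 120 ms later: rewritten
    ClipEvent(90_000, "0x" + "a" * 40),                       # user copies an ETH address
    ClipEvent(400_000, "0x" + "b" * 40),                      # minutes later: legitimate re-copy
]


if __name__ == "__main__":
    for original, replacement, gap in detect_swaps(SAMPLE_LOG):
        print(f"ALERT: {original} -> {replacement} after {gap} ms")
```

The timing heuristic alone will misfire on a user who copies two addresses in quick succession, so in practice it should be paired with the second signal a clipper cannot hide: the same replacement address recurring across alerts. `is_valid_btc_legacy` is there because a clipper's substitute must itself be a valid address to receive funds, so a checksum failure on the pasted text points to corruption rather than a swap.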


What makes this particular strain more alarming, according to Microsoft, is that it does not stop at simple data theft. The software also incorporates remote code execution capabilities, effectively transforming what would otherwise be a narrowly focused financial stealer into what the company describes as a 'lightweight backdoor.' That dual functionality gives attackers persistent, flexible access to compromised machines well beyond any single transaction they might hijack.

The USB delivery vector adds another layer of concern. Because the payload arrives on physical media rather than over the network, it bypasses perimeter and email controls and can reach air-gapped or otherwise isolated environments that phishing campaigns cannot easily penetrate. Organizations with shared workstations or loose policies around external storage devices face heightened exposure. The combination of a low-tech propagation method with a high-capability payload is precisely the kind of threat that slips past defenses calibrated for network-facing attack surfaces.

For individual users and enterprise security teams alike, the advisory underscores the enduring relevance of basic hygiene: disabling autorun on removable media, keeping endpoint protection up to date, and comparing the pasted destination address character by character against the intended recipient before confirming any cryptocurrency transaction.

Continue reading at Cointelegraph →

Frequently Asked Questions

Q. What does Crypto Clipper malware actually do?

Crypto Clipper intercepts cryptocurrency wallet addresses copied to a user's clipboard and replaces them with addresses controlled by the attacker, redirecting transactions. It also includes remote code execution capabilities, giving attackers backdoor access to infected machines.

Q. How does the Crypto Clipper malware spread?

The malware spreads via USB drives, a physical media attack vector that can bypass network-based defenses and reach systems that phishing campaigns might not compromise.

Q. Why is this malware considered more dangerous than a typical crypto stealer?

Microsoft described it as turning 'a financially motivated stealer into a lightweight backdoor' because it combines clipboard hijacking for cryptocurrency theft with remote code execution, giving attackers persistent access beyond any single stolen transaction.
