Microsoft Warns of New USB-Based Malware Targeting Crypto Users

Microsoft has alerted about a malware that spreads through flash drives that use Windows shortcut files to infect devices. The so-called “clipper” malware searches for crypto addresses in the clipboard and substitutes them with different addresses controlled by attackers.

Key Takeaways

  • Microsoft Defender flagged a new USB malware that exposes bitcoin transactions to theft.
  • The malware steals 12 or 24-word seed phrases, threatening tron and monero wallet security.
  • Microsoft urges users to block shortcuts to stop the malware from spreading through removable drives.

Microsoft Alerts About Windows Malware That Changes Cryptocurrency Addresses

The team behind Microsoft Defender, Windows’ embedded malware and virus detection tool, has warned about a new threat that uses shortcuts to infect devices, principally using USB drives.

The malware replaces files on removable media storage devices with shortcuts (.lnk files) that trigger the infection when executed, takes countermeasures against possible scanning and deletion by antivirus software, and uses anonymized Tor-powered communication to avoid detection.

At the same time, the malware propagates by copying itself to any USB drives inserted into an infected computer. It also runs a process that can execute various tasks, including changing the addresses copied by users into the clipboard of the infected device.

The malware, which continuously runs on the affected device, scans memory for what Microsoft calls “high-value financial artifacts,” detecting 12 or 24-word BIP39 seed phrases in clipboard data and sending them to the attackers, along with 5 screenshots to give context about the wallet contents and the funds it contains.

In addition, the crypto clipper scans for addresses of popular crypto projects, including bitcoin, tron, and monero, in memory every 500 milliseconds.

If it finds any, it assumes that the user is copying it to execute a transaction and changes it for a similar address, but one that is under the control of the attacker, to take hold of the funds sent by the users of the infected device.

“This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking,” the Microsoft Defender team stressed.

To mitigate infections, the team recommends disabling autorun for content on all removable media and blocking the execution of shortcuts from removable drives, which have been identified as the main propagation vectors of the malware.
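A triage check for the shortcut-replacement behaviour described above, added here as an example and not taken from Microsoft or the original article: it walks a mounted removable drive and lists files that are Windows shortcuts, by extension or by the Shell Link file header. The function names, the 0.5 threshold and the sample files are assumptions made for illustration.

```python
import os
import struct
import tempfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")


def is_shell_link(path):
    """True if the file starts with the Shell Link header, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False


def triage_drive(root, threshold=0.5):
    """Walk a mounted removable drive and report the shortcut files on it.

    threshold is an assumed heuristic: a drive where at least this share of
    the files are shortcuts is flagged for manual review.
    """
    shortcuts, total = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".lnk") or is_shell_link(full):
                shortcuts.append(os.path.relpath(full, root))
    ratio = len(shortcuts) / total if total else 0.0
    return {"total": total, "shortcuts": sorted(shortcuts),
            "suspicious": bool(shortcuts) and ratio >= threshold}


def build_sample_drive(root):
    """Constructed sample: two shortcuts (one disguised) and one document."""
    samples = {"report.docx.lnk": LNK_MAGIC + b"\x00" * 60,
               "photos.dat": LNK_MAGIC + b"\x00" * 60,
               "notes.txt": b"plain text"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        print(triage_drive(tmp))
```

The script only reads file headers and never opens or executes a shortcut, so it can be pointed at a drive before anything on it is double-clicked.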
