Microsoft finds USB worm that steals cryptocurrency through clipboard hijacking and Tor (opens in new tab)

Microsoft Threat Intelligence has identified a new strain of self-propagating malware that spreads through USB drives, monitors the Windows clipboard for cryptocurrency wallet addresses and seed phrases, and routes all stolen data through a portable Tor client to avoid detection. The campaign has been active since at least February 2026, according to Microsoft’s analysis published […] at The Next Web