Crypto Clipper uses USB drives and Tor to steal wallet data (opens in new tab)

Microsoft Threat Intelligence and Microsoft Defender Experts have identified a Windows cryptocurrency clipper campaign that has affected users since February 2026. The malware targets clipboard data, wallet credentials and cryptocurrency addresses through Windows Script Host and ActiveX-driven logic. Microsoft said the campaign begins with malicious .lnk shortcut files distributed through USB storage devices. When a user opens one of the shortcuts, the file stages a worm component that checks...