Microsoft dey warn say crypto clipper malware dey spread through USB drives

Microsoft dey warn say dem don find Windows-based crypto clipper malware campaign wey dem name “CryptoBandits” wey don dey active since February. Di threat dey spread through infected USB drives and bad .lnk shortcut files, then e Dey use Tor-based command-and-control to jaga wallet data and swap di crypto addresses wey person copy. Main behaviour dem include dey check clipboard like every 500 milliseconds, replacing recipient addresses, harvesting seed phrases/private keys (BIP39 12/24 words), capturing screenshots, and running code wey attacker supply. Microsoft talk say di malware dey chain Windows and JavaScript payloads, make am hard to detect. Later update add worm-like spread: e go scan removable media for common document types (PDFs, spreadsheets, Word files), hide di originals, and make malicious shortcuts with same filenames to infect next user. Communication dey route through local SOCKS5 proxy and hidden-service (.onion) servers, wey reduce IP/DNS visibility. For crypto traders, crypto clipper matter because e target endpoint before transfer sign. Address substitution fit divert outgoing payments, while thief of seed-phrases fit clear full wallet. Microsoft recommend make una verify full destination addresses on trusted screens, no use unknown USB devices, disable AutoRun/AutoPlay, keep endpoint protection on, and treat clipboard changes as sign say system don compromise. Crypto clipper malware still be direct operational risk for hot wallets and copy/paste workflows, even though e no change the underlying network fundamentals.