Microsoft announced that its security team has uncovered a new malware strain that propagates via USB drives and specifically harvests crypto wallet credentials on Windows computers. The threat, dubbed Trojan/CryptoBandits, targets private keys and seed phrases linked to Bitcoin and Ethereum wallets, potentially exposing assets valued at current market prices. Investors relying on blockchain applications should be aware that the malware operates silently, without visible alerts.
Malware Mechanics
The infection vector relies on malicious shortcut files bearing the “.lnk” extension; when a user opens the disguised file, hidden scripts launch a worm that embeds itself in the operating system. Once active, the worm runs continuously, executing wallet‑stealing code while simultaneously preparing to compromise any additional USB devices that are later connected. Microsoft’s Defender Antivirus flagged the activity as a crypto clipper, noting that the worm spreads autonomously across removable media.
After installation, the malware monitors the clipboard at half‑second intervals to capture copied seed phrases or private keys, then routes the stolen data through the Tor network to attacker‑controlled servers. It also records screenshots every ten seconds, gathering visual context that could aid further credential extraction. These actions occur in parallel, ensuring the payload remains effective while minimizing the chance of detection.
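The half-second clipboard polling and ten-second screenshot cadence are fixed timers; if each capture is forwarded as soon as it is taken (an assumption, since the report does not say how exfiltration is batched), the process's outbound connections inherit that regularity, and regular, low-jitter connections to Tor relays are something a SOC can hunt for in endpoint network-connection telemetry. The following Python is an added example, not code from Microsoft's report or from Defender: it groups constructed connection-log lines by (process, destination), measures the jitter of the gaps between connections, flags pairs whose cadence is suspiciously steady, and enriches the result with a lookup against a Tor relay list. The log format, the relay set (`KNOWN_TOR_RELAYS`), the process names and the thresholds in `find_beacons` are the example's own choices.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one line per outbound connection (timestamp, process, destination).
# "updater.exe" connects every ~10 s to one host; firefox.exe connects irregularly.
SAMPLE_LOG = """\
2024-05-01T10:00:00 pid=4120 image=C:\\Users\\u\\AppData\\Roaming\\updater.exe dst=198.51.100.7:9001
2024-05-01T10:00:03 pid=2210 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=203.0.113.5:443
2024-05-01T10:00:05 pid=2210 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=203.0.113.5:443
2024-05-01T10:00:10 pid=4120 image=C:\\Users\\u\\AppData\\Roaming\\updater.exe dst=198.51.100.7:9001
2024-05-01T10:00:20 pid=4120 image=C:\\Users\\u\\AppData\\Roaming\\updater.exe dst=198.51.100.7:9001
2024-05-01T10:00:31 pid=4120 image=C:\\Users\\u\\AppData\\Roaming\\updater.exe dst=198.51.100.7:9001
2024-05-01T10:00:31 pid=2210 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=203.0.113.5:443
2024-05-01T10:00:32 pid=2210 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=203.0.113.5:443
2024-05-01T10:00:40 pid=4120 image=C:\\Users\\u\\AppData\\Roaming\\updater.exe dst=198.51.100.7:9001
2024-05-01T10:00:50 pid=4120 image=C:\\Users\\u\\AppData\\Roaming\\updater.exe dst=198.51.100.7:9001
2024-05-01T10:01:40 pid=2210 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=203.0.113.5:443
2024-05-01T10:02:02 pid=2210 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=203.0.113.5:443
"""

LINE_RE = re.compile(r"^(\S+) pid=(\d+) image=(.+?) dst=(\S+)$")

# Constructed stand-in for a Tor relay feed; a real deployment would load a current relay list.
# (9001 in the sample is simply Tor's default ORPort; the address itself is a documentation range.)
KNOWN_TOR_RELAYS = {"198.51.100.7"}


def parse_log(text):
    """Turn the sample log into (timestamp, pid, image, dst) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, pid, image, dst = m.groups()
        events.append((datetime.fromisoformat(ts), int(pid), image, dst))
    return events


def find_beacons(events, min_events=5, max_cv=0.15):
    """Flag (process, destination) pairs whose connection gaps are regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps; a CV at or below max_cv with at least min_events connections is reported.
    """
    by_pair = defaultdict(list)
    for ts, _pid, image, dst in events:
        by_pair[(image, dst)].append(ts)

    findings = []
    for (image, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean == 0:
            continue                      # duplicate timestamps, not a cadence
        cv = statistics.stdev(gaps) / mean
        if cv > max_cv:
            continue
        host = dst.rsplit(":", 1)[0]
        findings.append({
            "image": image,
            "dst": dst,
            "events": len(stamps),
            "mean_interval_s": round(mean, 2),
            "jitter_cv": round(cv, 3),
            "tor_relay": host in KNOWN_TOR_RELAYS,
        })
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f)
```

The CV threshold is the knob to tune: legitimate software also polls on timers, so in practice the periodic hit is combined with the relay lookup, the image path (a user-writable directory here) and the clipboard or screen-capture API activity that Defender already attributes to the clipper before it becomes an alert.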
Impact on Crypto Stakeholders
For cryptocurrency investors, the malware poses a direct threat to wallet security, potentially enabling unauthorized transactions that bypass user consent. By siphoning Bitcoin and Ethereum private keys, the threat could trigger sudden market fluctuations if large amounts are moved illicitly, affecting price stability and investor confidence. The covert nature of the clipboard theft means that even vigilant users may inadvertently expose their assets while copying address information.
Microsoft advises users to disable autorun features on removable drives, verify the legitimacy of shortcut files, and keep Defender Antivirus signatures up to date. Strengthening wallet security through hardware devices and avoiding the storage of private keys on Windows machines can mitigate the risk posed by this emerging crypto‑focused malware.
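The advice to verify shortcut files, and the .lnk infection vector described under Malware Mechanics, can both be served by a small triage tool that reads what a shortcut would actually launch rather than trusting its icon and name. The following Python is an added example, not code from Microsoft's report or from Defender: it parses the fixed header and the StringData sections of a Shell Link file (the public MS-SHLLINK layout), skipping the IDList and LinkInfo blocks, and flags shortcuts whose target or arguments name a command or script host. The two sample shortcuts are constructed in the block by `build_sample_lnk`; that builder, `triage_lnk`, the `SCRIPT_HOSTS` list, the length threshold and the Windows-1252 assumption for non-Unicode strings are the example's own.

```python
import re
import struct

# Shell Link CLSID {00021401-0000-0000-C000-000000000046} as it is stored on disk.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C

# LinkFlags bits (MS-SHLLINK 2.1.1).
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80

# StringData items appear in this fixed order, each only when its flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORK_DIR, "working_dir"),
    (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location"),
)

# Hosts a document-looking shortcut should not normally launch (example's own list).
SCRIPT_HOSTS = ("cmd", "powershell", "pwsh", "wscript", "cscript", "mshta", "rundll32", "regsvr32")
HOST_RE = re.compile(r"\b(" + "|".join(SCRIPT_HOSTS) + r")\b")


def _read_string(data, pos, unicode):
    """Read one StringData item: a 2-byte character count followed by the characters."""
    (count,) = struct.unpack_from("<H", data, pos)
    pos += 2
    nbytes = count * 2 if unicode else count
    raw = data[pos:pos + nbytes]
    # Assumption: non-Unicode strings are in the Windows-1252 system code page.
    text = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return text, pos + nbytes


def parse_lnk(data):
    """Return the StringData fields of a .lnk file; IDList/LinkInfo are skipped, not decoded."""
    if len(data) < HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    (flags,) = struct.unpack_from("<I", data, 0x14)
    pos = HEADER_SIZE
    if flags & HAS_ID_LIST:                      # IDListSize (2 bytes) + IDList bytes
        (size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + size
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (4 bytes) counts itself
        (size,) = struct.unpack_from("<I", data, pos)
        pos += size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in STRING_FIELDS:
        if flags & flag:
            fields[name], pos = _read_string(data, pos, unicode)
    return fields


def triage_lnk(data):
    """Parse a shortcut and return (fields, list of human-readable findings)."""
    fields = parse_lnk(data)
    findings = []
    rel = fields.get("relative_path", "").replace("/", "\\")
    target = rel.rsplit("\\", 1)[-1].lower()
    stem = target[:-4] if target.endswith(".exe") else target
    args = fields.get("arguments", "")
    if stem in SCRIPT_HOSTS:
        findings.append(f"target is a command/script host ({target})")
    hosts_in_args = sorted(set(HOST_RE.findall(args.lower())))
    if hosts_in_args:
        findings.append("arguments invoke " + ", ".join(hosts_in_args))
    if len(args) > 200:
        findings.append(f"unusually long argument string ({len(args)} chars)")
    icon = fields.get("icon_location", "").lower()
    if icon and target and not icon.endswith(target):
        findings.append(f"icon taken from {icon!r}, not from the target (weak signal alone)")
    return fields, findings


def _string_item(text):
    return struct.pack("<H", len(text)) + text.encode("utf-16-le")


def build_sample_lnk(relative_path, arguments="", icon_location=""):
    """Constructed test fixture: a minimal Unicode .lnk carrying only StringData sections."""
    flags = HAS_REL_PATH | IS_UNICODE
    flags |= HAS_ARGS if arguments else 0
    flags |= HAS_ICON if icon_location else 0
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))   # attributes, times, size, icon, show cmd, reserved
    body = _string_item(relative_path)
    body += _string_item(arguments) if arguments else b""
    body += _string_item(icon_location) if icon_location else b""
    return header + body


if __name__ == "__main__":
    samples = {
        "notes.lnk": build_sample_lnk(r"..\..\Windows\System32\notepad.exe"),
        "photos.lnk": build_sample_lnk(r"..\..\Windows\System32\cmd.exe",
                                       "/c wscript.exe //b launcher.vbs",
                                       r"%SystemRoot%\system32\imageres.dll"),
    }
    for name, blob in samples.items():
        fields, findings = triage_lnk(blob)
        print(name, fields, findings or ["no findings"])
```

On a real removable drive the same `triage_lnk` can be run over every `*.lnk` found (`open(path, "rb").read()`), and a shortcut that opens a "document" through `cmd.exe` or `wscript.exe` is the one to quarantine before anyone double-clicks it; Explorer hides the `.lnk` extension even when extensions are otherwise shown, which is exactly why the name and icon cannot be trusted.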
