{"id":74336,"date":"2026-06-21T09:14:56","date_gmt":"2026-06-21T09:14:56","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/microsoft-warns-of-new-usb-based-malware-targeting-crypto-users\/"},"modified":"2026-06-21T09:14:56","modified_gmt":"2026-06-21T09:14:56","slug":"microsoft-warns-of-new-usb-based-malware-targeting-crypto-users","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/microsoft-warns-of-new-usb-based-malware-targeting-crypto-users\/","title":{"rendered":"Microsoft Warns of New USB-Based Malware Targeting Crypto Users"},"content":{"rendered":"<p><b>(Originally posted on : Bitcoin News )<\/b><br \/>\n<\/p>\n<div>\n<div class=\"@container mb-[25px] rounded-sm overflow-clip py-0.5 pr-0.5 pl-2.5 bg-success-100\">\n<div class=\"flex flex-col gap-m overflow-clip rounded-[6px] !bg-success-10 p-3 @[420px]:p-m\">\n<h2 class=\"m-0 flex items-center gap-s text-[19px] !text-[#1c1c1c] md:text-[20px]\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"16\" height=\"10\" viewbox=\"0 0 16 10\" fill=\"none\" class=\"shrink-0 text-success-100\" aria-hidden=\"true\"><path d=\"M1 1.5h14\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><path d=\"M1 8.5h10\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><span>Key Takeaways<\/span><\/h2>\n<ul class=\"m-0 flex list-none flex-col gap-m pl-0\">\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">Microsoft Defender flagged a new USB malware that exposes bitcoin transactions to theft.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">The script steals 12 or 24-word seed phrases, threatening tron and monero wallet security.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">Microsoft next urges users to block shortcuts to stop the malware from spreading trough removable drives.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<h2>Microsoft Alerts About Windows Malware That Changes <span>Cryptocurrency<\/span> Addresses<\/h2>\n<p>The team behind Microsoft Defender, Windows\u2019 embedded malware and virus security tool, has <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/06\/17\/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control\/\" target=\"_blank\" rel=\"noopener noreferrer\">warned<\/a> about a new menace that uses shortcuts to infect devices, principally using USB drives.<\/p>\n<p>The malware replaces files on removable media storage devices with shortcuts (.lnk files) that trigger the infection when executed, takes countermeasures against possible scanning and deletion by antivirus software, and uses anonymized Tor-powered communication to avoid detection.<\/p>\n<p><\/p>\n<p>At the same time, the malware propagates by copying itself to any USB drives inserted into an infected computer. It also runs a process that can execute various tasks, including changing the addresses copied by users into the clipboard of the infected device.<\/p>\n<p>The malware, which continuously runs on the affected device, scans memory for what Microsoft calls \u201chigh-value financial artifacts,\u201d detecting 12 or 24-word BIP39 <a href=\"https:\/\/news.bitcoin.com\/crocodilus-malware-steals-seed-phrases-targets-crypto-users-globally\/\">seed phrases<\/a> in clipboard data and sending them to the attackers, along with five screenshots to give context about the wallet contents and the funds it contains.<\/p>\n<p>In addition, the <a href=\"http:\/\/www.bitcoin.com\/get-started\/a-quick-introduction-to-crypto\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">crypto<\/a> clipper scans for addresses of popular <a href=\"http:\/\/www.bitcoin.com\/get-started\/a-quick-introduction-to-crypto\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">crypto<\/a> projects, including <a href=\"https:\/\/www.binance.com\/en\/price\/bitcoin\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">bitcoin<\/a>, tron, and monero, in memory every 500 milliseconds.<\/p>\n<p>If it finds any, it assumes that the user is copying it to execute a transaction and changes it for a similar address, but that is under the control of the attacker to take hold of the funds sent by the users in the infected device.<\/p>\n<p><strong>\u201cThis malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking,\u201d<\/strong> the Microsoft Defender team stressed.<\/p>\n<p>To mitigate infections, the team recommends disabling autorun for content on all removable media and blocking the execution of shortcuts from removable drives, which have been identified as the main propagation vectors of the malware.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/news.bitcoin.com\/microsoft-warns-of-new-usb-based-malware-targeting-crypto-users\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : Bitcoin News ) Key Takeaways Microsoft Defender flagged a new USB malware that exposes bitcoin transactions to theft. The script steals 12 or 24-word seed phrases, threatening tron and monero wallet security. Microsoft next urges users to block shortcuts to stop the malware from spreading trough removable drives. Microsoft Alerts About [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":74337,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/74336"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=74336"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/74336\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/74337"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=74336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=74336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=74336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}