Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

Microsoft has published details of a sophisticated cryptocurrency clipper campaign targeting Windows users. In a technical analysis, the Microsoft Defender Security Research Team alerts security professionals to a persistent threat that has been actively compromising systems since February 2026. The campaign marks an evolution in clipboard hijacking malware, using both physical media and anonymous communication channels to bypass traditional security measures.

The clipper malware campaign functions by replacing legitimate cryptocurrency wallet addresses in a victim's clipboard with addresses controlled by the attackers. This relatively simple tactic has proven financially lucrative for cybercriminals, as users unwittingly transfer funds to the wrong destinations during legitimate transactions. What makes this particular campaign notable is its propagation method through USB devices using LNK shortcut files, which allows the malware to spread when users connect infected removable drives to their systems. Once executed, the malware utilizes Windows Script Host
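The address swap described above can be caught by comparing what the user copied with what is about to be submitted. The following is an added example, not code from Microsoft's analysis or from this article; the address shapes (Bitcoin and Ethereum), the function names and the sample values are assumptions constructed for illustration.

```python
import re

# Assumed address shapes (format only, no checksum validation). The article
# does not say which currencies the campaign targets.
PATTERNS = {
    "btc-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the address kind if the whole string looks like a wallet address."""
    s = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(s):
            return kind
    return None

def normalize(text, kind):
    s = text.strip()
    # Ethereum hex is case-insensitive (mixed case only encodes a checksum).
    return s.lower() if kind == "eth" else s

def check_paste(copied, pasted):
    """Compare the value the user copied with the value about to be submitted."""
    kind = classify(copied)
    if kind is None:
        return "not-an-address"   # nothing a clipper would target
    if normalize(copied, kind) == normalize(pasted, kind):
        return "ok"
    # An address replaced by a different address is the clipper signature.
    return "swapped" if classify(pasted) else "changed"

def audit(events):
    """Return indexes of (copied, pasted) pairs that look like a clipboard swap."""
    return [i for i, (c, p) in enumerate(events) if check_paste(c, p) == "swapped"]

# Constructed sample values: format-valid strings, not real wallets.
ETH_A = "0x" + "a1" * 20
ETH_B = "0x" + "b2" * 20
BTC_A = "1" + "A" * 33
EVENTS = [(ETH_A, ETH_A), (ETH_A, ETH_B),
          ("meeting notes", "meeting notes"), (BTC_A, ETH_B)]

if __name__ == "__main__":
    for i in audit(EVENTS):
        print("possible clipboard hijack at event", i, EVENTS[i])
```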
