Microsoft found malware that hijacks crypto wallets and spreads through USB sticks

Microsoft discovered malware on March 11, 2024, that targets cryptocurrency wallets by exploiting USB drives. This malicious software operates by intercepting shortcut files (.lnk) on a compromised system. When a user interacts with these shortcuts, the malware installs a worm. This worm's primary function is to harvest private keys for cryptocurrency wallets directly from the Windows clipboard. Furthermore, it modifies outgoing cryptocurrency transactions by replacing the legitimate destination wallet addresses with its own, effectively redirecting funds to the attacker. The malware's propagation method relies on the common practice of using USB drives to transfer files between computers, making it a stealthy and potentially widespread threat. Microsoft's security researchers identified this threat and are working to develop countermeasures to protect users from these attacks.