Microsoft identifies malware ‘worm’ that hijacks crypto wallets, spreads through USB drives

A newly identified threat is causing concern among Windows users: a wallet-stealing malware component specifically designed to target cryptocurrency wallets and steal sensitive information from unsuspecting victims.

This malicious software monitors the Windows clipboard, a temporary memory used for copy-and-paste operations, every 500 milliseconds. When a user copies a crypto wallet seed phrase or a private key for a Bitcoin or Ethereum wallet, the malware captures that data and sends it to the attacker’s server over the Tor network. In addition, the malware takes five screenshots, ten seconds apart, and sends them to the attacker as well.

But the threat doesn’t stop there. If a user copies a recipient address to send funds, the worm can silently replace it with an attacker-controlled address before the user pastes it. This means that the transfer of funds goes to the attacker without the user even realizing it.

Furthermore, the worm propagates itself when a clean USB drive is plugged into the infected computer. It scans the drive for common document types such as Word documents, Excel sheets and PDFs, replaces each of them with a shortcut (.lnk) file of the same name, and thereby infects the drive. When that drive is later plugged into another system, the malware spreads there and continues its malicious activity.

To protect against this threat, Microsoft recommends disabling AutoRun for removable media, blocking .lnk file execution on USB drives through group policy, and restricting script hosts like wscript.exe and cscript.exe. Microsoft Defender customers can also run hunting queries to check for any related activity, such as connections to a local Tor proxy on port 9050.
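The hunting step above can be reproduced outside Defender against ordinary endpoint telemetry. The following script is an added example, not code from Microsoft or from the article: it runs two detections over constructed Sysmon-style JSON log lines, flagging (a) any process other than an expected Tor client that connects to the local Tor SOCKS proxy on 127.0.0.1:9050 and (b) wscript.exe or cscript.exe launched with a script that lives on a removable drive, which is how a shortcut planted on a USB stick would typically invoke its payload. The event field names, the sample log lines, the assumption that drive E: is removable, and the allow-list of expected Tor clients are all constructed for this example.

```python
import json
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Indicator from the article: the worm talks to a local Tor proxy on port 9050.
TOR_SOCKS_PORT = 9050
# Script hosts the article recommends restricting.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: in this environment only the Tor client itself legitimately uses the SOCKS port.
EXPECTED_TOR_CLIENTS = {"tor.exe"}
# Matches Windows drive-letter paths inside a command line, capturing the drive letter.
_DRIVE_PATH = re.compile(r'([A-Za-z]):\\[^"\s]*')

# Constructed Sysmon-style events (one JSON object per line); not real telemetry.
SAMPLE_LOG = r"""
{"event":"network_connect","image":"C:\\Tor Browser\\Browser\\TorBrowser\\Tor\\tor.exe","dst_ip":"127.0.0.1","dst_port":9050}
{"event":"network_connect","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe","dst_ip":"127.0.0.1","dst_port":9050}
{"event":"network_connect","image":"C:\\Program Files\\Browser\\browser.exe","dst_ip":"203.0.113.5","dst_port":443}
{"event":"process_create","image":"C:\\Windows\\System32\\wscript.exe","command_line":"\"C:\\Windows\\System32\\wscript.exe\" //B \"E:\\Quarterly Report.vbs\"","parent_image":"C:\\Windows\\explorer.exe"}
{"event":"process_create","image":"C:\\Windows\\System32\\cscript.exe","command_line":"cscript.exe C:\\Scripts\\inventory.vbs","parent_image":"C:\\Windows\\System32\\cmd.exe"}
"""


@dataclass
class Finding:
    rule: str
    image: str
    detail: str


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. 'C:\\X\\WScript.EXE' -> 'wscript.exe'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_tor_proxy(ev: dict) -> Optional[Finding]:
    """Flag any process other than the expected Tor client connecting to 127.0.0.1:9050."""
    if ev.get("event") != "network_connect":
        return None
    if ev.get("dst_ip") != "127.0.0.1" or ev.get("dst_port") != TOR_SOCKS_PORT:
        return None
    if image_name(ev["image"]) in EXPECTED_TOR_CLIENTS:
        return None
    return Finding("local_tor_proxy", ev["image"], f"connected to 127.0.0.1:{TOR_SOCKS_PORT}")


def check_script_host_removable(ev: dict, removable: Set[str]) -> Optional[Finding]:
    """Flag wscript/cscript launched with a script path that sits on a removable drive."""
    if ev.get("event") != "process_create":
        return None
    if image_name(ev["image"]) not in SCRIPT_HOSTS:
        return None
    drives = {m.group(1).upper() for m in _DRIVE_PATH.finditer(ev.get("command_line", ""))}
    hit = drives & removable
    if not hit:
        return None
    return Finding("script_host_from_removable", ev["image"],
                   f"script argument on drive {sorted(hit)[0]}:")


def hunt(log_lines: Iterable[str], removable_drives: Set[str]) -> List[Finding]:
    """Run both detections over JSON log lines and collect the findings in log order."""
    findings: List[Finding] = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for f in (check_tor_proxy(ev), check_script_host_removable(ev, removable_drives)):
            if f is not None:
                findings.append(f)
    return findings


def run_sample() -> List[Finding]:
    # Assumption: drive E: is the removable drive in this constructed environment.
    return hunt(SAMPLE_LOG.splitlines(), removable_drives={"E"})


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.rule}] {f.image}: {f.detail}")
```

On the sample log this reports two findings: the unexpected `update.exe` connecting to the local Tor port, and `wscript.exe` run with a script on the removable drive. The Tor-client allow-list and the set of removable drive letters are the two knobs to adapt to a real environment; a legitimate Tor Browser install would otherwise generate noise on the first rule.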

Windows users should be aware of this new threat and take proactive measures to keep their sensitive information and cryptocurrency wallets out of the wrong hands. By staying vigilant and following the recommendations above, users can minimize the risk of falling victim to this wallet-stealing component.