Grafa
Microsoft warns of USB-spread crypto malware

  • Microsoft warned Windows users about a cryptocurrency-focused malware strain that spreads through USB drives and targets wallet credentials.
  • The malware steals seed phrases, private keys, clipboard data, and screenshots while also enabling remote code execution on infected devices.
  • Researchers said the threat uses the Tor network to hide communications and can provide attackers with long-term access to compromised systems.

Microsoft warned Windows users about a cryptocurrency clipper malware campaign that spreads through USB drives and is designed to steal wallet credentials, private keys, seed phrases, and other sensitive financial data.

The malware, which Microsoft said has been active since February, disguises malicious files as legitimate shortcuts while automatically spreading to connected USB storage devices.

“This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymised communications and runtime tasking,” said Microsoft Threat Intelligence.

Researchers said the malware captures clipboard contents, replaces copied cryptocurrency wallet addresses with attacker-controlled addresses, takes screenshots every 10 seconds, and targets Bitcoin (CRYPTO:BTC), Ethereum (CRYPTO:ETH), Tron (CRYPTO:TRX), and Monero (CRYPTO:XMR) users.
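The address replacement described above can be checked for on the defensive side. The following is an added example, not code from Microsoft or the original article: it classifies clipboard text by address format for the four coins named and flags a rapid same-coin replacement. The snapshot format, the 2-second window, and all sample addresses are constructed assumptions.

```python
import re

B58 = "[1-9A-HJ-NP-Za-km-z]"  # Base58 alphabet (no 0, O, I, l)
# Format checks only (no checksum validation) for the coins the article names.
PATTERNS = {
    "BTC": re.compile(r"^(?:[13]" + B58 + r"{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "TRX": re.compile(r"^T" + B58 + r"{33}$"),
    "XMR": re.compile(r"^[48]" + B58 + r"{94}$"),
}

def classify(text):
    """Return the coin whose address format `text` matches, else None."""
    s = text.strip()
    for coin, rx in PATTERNS.items():
        if rx.match(s):
            return coin
    return None

def find_swaps(snapshots, max_gap_s=2.0):
    """Flag consecutive clipboard snapshots (timestamp_s, text) where an address
    became a *different* address of the same coin within max_gap_s seconds.
    Assumption: a user rarely copies two addresses of one coin that quickly."""
    alerts = []
    for (t0, a), (t1, b) in zip(snapshots, snapshots[1:]):
        coin = classify(a)
        if coin and coin == classify(b) and a.strip() != b.strip() \
                and (t1 - t0) <= max_gap_s:
            alerts.append({"coin": coin, "copied": a.strip(),
                           "replaced_with": b.strip(),
                           "gap_s": round(t1 - t0, 3)})
    return alerts

# Constructed clipboard timeline; the addresses are format-valid fillers, not real wallets.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "ab" * 20),    # user copies an ETH address
    (5.3, "0x" + "cd" * 20),    # different ETH address 0.3 s later: flagged
    (60.0, "T" + "B" * 33),     # TRX address
    (200.0, "T" + "D" * 33),    # same coin, 140 s later: treated as a new copy
    (300.0, "1" + "A" * 33),    # BTC address
    (300.4, "hello"),           # replaced by non-address text: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A hit is a triage signal, not proof of infection; confirm by comparing the pasted value against the recipient's address through a second channel.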

Microsoft said the malware also functions as a lightweight backdoor by allowing attackers to remotely execute code on infected systems. No specific financial losses were reported following the disclosure.

The threat installs a disguised version of the Tor browser under the filename "ugate.exe" and uses the Tor network to communicate with operators through hidden services, making detection and tracking more difficult.

Microsoft Defender Antivirus identifies the malware as Trojan:Win32/CryptoBandits.A, and the company recommended disabling USB autoplay, restricting shortcut file execution from removable media, and monitoring systems for unusual proxy activity and script execution.

At the time of reporting, Bitcoin price was $62,747.98.
