DATA & FIGURES
The Crypto Clipper malware has been active since February, and Microsoft detects it as _Trojan:Win32/CryptoBandits.A_. It targets high-value financial artifacts on the clipboard, including BIP39 mnemonic seed phrases and Bitcoin and Ethereum private keys. It also replaces copied wallet addresses with attacker-controlled ones across Bitcoin, Tron, and Monero, and takes a screenshot every ten seconds for additional context.
THE SCENARIO
The Crypto Clipper operates within a broader context of increasing Windows-based crypto stealers. 2026 has seen a significant escalation in such malware: a new Windows malware strain called Lucid Stealer, which targets browser extensions and crypto wallets, was identified earlier this month.
DIRECT QUOTE
"This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking." — Microsoft researchers, Microsoft Threat Intelligence
BBN INSIGHT
The Crypto Clipper malware underscores the importance of robust security measures for crypto users, particularly in protecting against USB-transmitted malware. The ability of this malware to function as a backdoor, allowing for the execution of arbitrary code, poses significant risks.
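The address replacement described under DATA & FIGURES can be spotted from the defender's side by watching for one wallet address being overwritten by a different address of the same chain almost immediately. The Python sketch below is an added example, not code from Microsoft or from the original article; the patterns check address format only, and the one-second threshold, function names and sample events are constructed assumptions.

```python
import re

# Format-only patterns for the three chains the article names (no checksum check).
B58 = "1-9A-HJ-NP-Za-km-z"
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(rf"^(?:[13][{B58}]{{25,34}}|bc1[ac-hj-np-z02-9]{{39,59}})$"),
    "tron": re.compile(rf"^T[{B58}]{{33}}$"),
    "monero": re.compile(rf"^[48][{B58}]{{94}}$"),
}

def chain_of(text):
    """Return the chain whose address format `text` matches, else None."""
    s = text.strip()
    for chain, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return chain
    return None

def find_swaps(events, max_gap=1.0):
    """Flag an address replaced by a different same-chain address within max_gap seconds.

    events: (timestamp_seconds, clipboard_text) tuples in time order.
    Assumption: a person does not copy two different addresses that quickly.
    """
    alerts = []
    prev = None  # (timestamp, chain, address) of the previous address-like value
    for ts, text in events:
        chain = chain_of(text)
        if chain is None:
            prev = None
            continue
        addr = text.strip()
        if prev and prev[1] == chain and prev[2] != addr and ts - prev[0] <= max_gap:
            alerts.append({"time": ts, "chain": chain, "copied": prev[2], "now": addr})
        prev = (ts, chain, addr)
    return alerts

# Constructed sample data: strings are format-valid placeholders, not real wallets.
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
TRX_A = "T" + "C" * 33
XMR_A, XMR_B = "4" + "D" * 94, "4" + "E" * 94
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (5.0, BTC_A),
    (5.2, BTC_B),    # same chain, different address, 0.2 s later: flagged
    (30.0, TRX_A),
    (95.0, XMR_A),
    (140.0, XMR_B),  # 45 s later, plausibly a second user copy: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

A real deployment would feed `find_swaps` from a clipboard-change listener and treat an alert as a reason to block the paste and investigate the host.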