Microsoft has detected a new self-propagating malware family, known as Crypto Clipper, that spreads via USB drives and steals cryptocurrency wallet data. The malware watches the clipboard for wallet addresses and seed phrases, captures screenshots, and sends the harvested data to attacker-controlled servers over the Tor network for anonymity. It needs no conventional installer: it ships as a portable Tor client and routes its traffic through a local SOCKS5 proxy, so the true destination of its connections is hidden from network monitoring.
Crypto Clipper can also swap a copied wallet address for one belonging to the attackers, so a victim who pastes the address into a transaction sends the funds to the attacker instead of the intended recipient. Because the swap happens between copy and paste, it is only caught if the pasted address is compared against the original before the transaction is confirmed. Microsoft believes the malware shows how effective lightweight theft techniques can be, with serious implications for affected devices. Detection methods it suggests include identifying suspicious JavaScript processes and possible data exfiltration using curl.
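The clipboard behaviour described above (watching for addresses and seed phrases, then swapping an address for a different one of the same format) is what a host-side detector can look for. The following is an added example, not Microsoft's detection logic or code from the malware: it classifies clipboard contents with heuristic regexes for a few common address formats and a structural check for BIP39-style mnemonics, and it flags the clipper signature of an address being replaced by a different address of the same kind within a couple of seconds, faster than a person copies two addresses by hand. The address patterns, the time window and the clipboard history are all constructed for illustration; they are not checksum-validated and are not exhaustive.

```python
"""Heuristic clipboard-clipper detector (added example, constructed data).

classify() labels clipboard text that looks like a wallet address or seed
phrase; find_substitutions() flags the swap pattern a clipper produces: an
address replaced by a different address of the same format a moment later.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed address formats for the example: heuristic regexes, not checksum checks.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),             # P2PKH / P2SH, Base58
    "btc_bech32": re.compile(r"^bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{6,87}$"),  # SegWit, Bech32 charset
    "eth":        re.compile(r"^0x[0-9a-fA-F]{40}$"),                            # 20-byte hex account
}
# BIP39 mnemonics are 12/15/18/21/24 lowercase words of 3-8 letters; structure only,
# the full 2048-word list is not embedded here.
SEED_LENGTHS = {12, 15, 18, 21, 24}
WORD_RE = re.compile(r"^[a-z]{3,8}$")


def classify(text: str) -> Optional[str]:
    """Return the address kind, 'seed_phrase', or None for ordinary clipboard text."""
    stripped = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(stripped):
            return kind
    words = stripped.split()
    if len(words) in SEED_LENGTHS and all(WORD_RE.match(w) for w in words):
        return "seed_phrase"
    return None


@dataclass(frozen=True)
class Snapshot:
    ts: float       # seconds since monitoring started
    content: str


@dataclass(frozen=True)
class Alert:
    ts: float
    kind: str
    original: str
    replacement: str


def find_substitutions(snapshots: List[Snapshot], max_gap: float = 2.0) -> List[Alert]:
    """Flag consecutive snapshots where one address is replaced by a different
    address of the same kind within max_gap seconds. A human copying two
    addresses in a row normally takes longer; a clipper reacts almost instantly.
    The 2-second window is an assumed tuning value, not a published threshold."""
    alerts = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        kind = classify(prev.content)
        if kind is None or kind == "seed_phrase":
            continue  # seed phrases are stolen, not swapped, so no substitution check
        same_kind = classify(cur.content) == kind
        changed = cur.content.strip() != prev.content.strip()
        if same_kind and changed and cur.ts - prev.ts <= max_gap:
            alerts.append(Alert(cur.ts, kind, prev.content.strip(), cur.content.strip()))
    return alerts


# Constructed clipboard history: the victim copies a payee address; 0.3 s later
# the clipboard holds a different address of the same format that nobody copied.
SAMPLE_SNAPSHOTS = [
    Snapshot(0.0, "meeting notes for tuesday"),
    Snapshot(5.0, "0x" + "ab" * 20),     # victim copies payee (constructed value)
    Snapshot(5.3, "0x" + "cd" * 20),     # swapped in by the clipper (constructed value)
    Snapshot(40.0, "bc1q" + "q" * 38),   # later, a legitimate SegWit-style address
    Snapshot(95.0, "bc1q" + "p" * 38),   # another one 55 s later: human speed, not flagged
]

if __name__ == "__main__":
    for a in find_substitutions(SAMPLE_SNAPSHOTS):
        print(f"t={a.ts}: {a.kind} address {a.original[:10]}... replaced by {a.replacement[:10]}...")
```

On a real host the snapshots would come from polling the clipboard; the same logic applies unchanged. The seed-phrase check is deliberately structural so it runs offline, and a legitimate wallet app that reformats an address it has just read from the clipboard could trigger a false positive, so treat an alert as a prompt to compare the pasted address with the intended one rather than as proof of infection.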