logo

Microsoft discovers new lightweight backdoor that steals cryptocurrency

ID: ac13f98c-1a4e-55f6-bf71-0982d1724b27

STIX ID: report--ac13f98c-1a4e-55f6-bf71-0982d1724b27

Feed Name: Ars Technica Security (category)

Threat Score
70/100

Date Published: 2026-06-18

Date Updated: 2026-06-19

Author: Dan Goodin

...
...

Microsoft detected 'Crypto Clipper', a USB-spreading worm that monitors clipboards for cryptocurrency wallet addresses and seed phrases, captures multiple screenshots, and exfiltrates stolen credentials and images to attacker servers via a portable Tor client and local SOCKS5 proxy; it spreads by creating or renaming .lnk files on removable drives and can act as a lightweight backdoor without traditional IP-based C2.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.