Microsoft discovers new lightweight backdoor that steals cryptocurrency
ID: ac13f98c-1a4e-55f6-bf71-0982d1724b27
STIX ID: report--ac13f98c-1a4e-55f6-bf71-0982d1724b27
Feed Name: Ars Technica Security (category)
Threat Score
Microsoft detected 'Crypto Clipper', a USB-spreading worm that monitors clipboards for cryptocurrency wallet addresses and seed phrases, captures multiple screenshots, and exfiltrates stolen credentials and images to attacker servers via a portable Tor client and local SOCKS5 proxy; it spreads by creating or renaming .lnk files on removable drives and can act as a lightweight backdoor without traditional IP-based C2.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
