Crypto malware detected by Microsoft shows a simple USB shortcut can turn into crypto wallet theft and even remote control.
Microsoft warns of malware targeting Windows users through simple USB shortcut infections and leading to crypto wallets‘ data stealing and remote access to computers.
Microsoft Threat Intelligence, the company’s security research team, and Microsoft Defender Experts, its response group, said in a June 17 blog post that the malware has been active since February.
The attack starts with malicious Windows shortcut files found on USB drives. Once opened, the malware hides real documents and creates fake shortcuts with the same file names, making the device look normal while the attacker’s code runs. The malware has two parts.
- One spreads through USB drives.
- The other steals crypto wallet data.
Read also: Android Banking Malware Uses TON Blockchain to Hide From Takedowns
How Crypto Malware Works
Following the infection, the malware continues monitoring the clipboard, searching for 12-word and 24-word seed phrases, Ethereum private keys, Bitcoin private keys, and wallet addresses that are copied there, researchers reveal.
Moreover, the malware can even replace a copied crypto address with an attacker-controlled one before a transaction is sent.
On top of that, the malware also takes screenshots and uploads them, giving attackers more information about wallets, balances and even opened apps. As Microsoft said, the tool can receive new commands from attackers, making it more than a basic crypto wallet stealer.
The company recommended disabling AutoRun and AutoPlay for removable media, blocking shortcut files from USB drives where possible and investigating unusual script activity on Windows devices.
Read more: What Is a Seed Phrase? Why Sharing It Can Cost You Entire Crypto Wallet
