Microsoft Threat Intelligence and Microsoft Defender Experts have identified a Windows cryptocurrency clipper campaign that has affected users since February 2026. The malware targets clipboard data, wallet credentials and cryptocurrency addresses through Windows Script Host and ActiveX-driven logic. Microsoft said the campaign begins with malicious .lnk shortcut files distributed through USB storage devices. When a user opens one of the shortcuts, the file stages a worm component that checks whether the device is already infected and, if not, retrieves the payload through Tor. The malware scans the USB device for common document files such as .doc, .xlsx and .pdf, hides…