
Thousands of crypto wallets compromised via malicious USB drives! What do Microsoft’s latest findings reveal?

In Brief

  • 🚨 Microsoft reveals that thousands of crypto wallets have been compromised through infected USB drives targeting $BTC addresses.

  • ⚡ The malware swaps copied wallet addresses in under half a second and tries to steal recovery seed phrases.

  • 🛡️ Microsoft recommends disabling AutoRun and double-checking every detail before sending any crypto.
Ömer Ergin

Microsoft security researchers have uncovered a new malware campaign targeting cryptocurrency assets that has been active since February 2026. The malware, tracked as Trojan:Win32/CryptoBandits.A, primarily spreads through infected USB drives and swiftly replaces copied wallet addresses with those belonging to threat actors. Microsoft, a US-based technology giant, is also recognized for its extensive cybersecurity research team, which monitors digital threats worldwide.

Contents

  • How the malware operates
  • Recommended security measures
  • Microsoft’s previous warnings and operations

How the malware operates

According to the information provided, the infection typically begins when a USB drive carrying the malware is connected to a computer. Once the drive is attached, the malware executes its payload through hidden shortcut files and can replicate itself onto other local storage devices. Once embedded in a Windows system, it establishes covert communication with its command and control servers, using Tor-based relay nodes to mask its activity.

The greatest risk emerges during user transactions. The malware continuously monitors the system clipboard, checking it every 500 milliseconds and replacing any copied wallet address with the attacker’s address in under half a second. Unless the user manually double-checks the wallet address before confirming a transaction, the funds can end up directly in the criminal’s wallet.
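The clipboard behaviour described above leaves a recognisable trace: an address-shaped value is replaced by a different address of the same type within roughly one polling interval, far faster than a person copies two addresses in a row. The following detection sketch is an added example, not code from Microsoft or from this article; the function names, the 1000 ms threshold, the address patterns and the sample timeline are all assumptions constructed for illustration.

```python
import re

# Format-only patterns (no checksum validation); an assumption of this example.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the address family the clipboard text looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(samples, max_gap_ms=1000):
    """Flag an address replaced by a different address of the same family
    within max_gap_ms of the original first appearing on the clipboard.
    samples: chronological list of (timestamp_ms, clipboard_text)."""
    alerts = []
    current = None  # (first_seen_ms, text, kind) of the value now on the clipboard
    for ts, text in samples:
        if current and text == current[1]:
            continue  # clipboard unchanged since the last sample
        kind = address_kind(text)
        if current and current[2] and kind == current[2] and ts - current[0] <= max_gap_ms:
            alerts.append({"at_ms": ts, "original": current[1],
                           "replacement": text, "gap_ms": ts - current[0]})
        current = (ts, text, kind)
    return alerts

# Constructed sample data: address-shaped strings, not real wallets.
USER_ADDR = "1" + "A" * 33
SWAPPED_ADDR = "1" + "B" * 33
OTHER_ADDR = "1" + "C" * 33
SAMPLES = [
    (0, "meeting notes"),
    (500, USER_ADDR),       # user copies the recipient address
    (1000, SWAPPED_ADDR),   # replaced one poll later: suspicious
    (60000, "hello"),
    (90000, USER_ADDR),
    (150000, OTHER_ADDR),   # a different address a minute later: normal use
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLES):
        print("possible clipboard hijack:", alert)
```

The samples would come from whatever clipboard telemetry an endpoint agent already collects; the heuristic only narrows attention and does not replace checking the pasted address against the intended one.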

Microsoft’s research team notes that the malware not only swaps wallet addresses but also scans local files in an attempt to steal private keys and recovery seed phrases.

Glossary: A seed phrase is a backup, usually comprising 12 or 24 words, that allows recovery of a cryptocurrency wallet. If compromised, a seed phrase grants full control over the assets within the wallet to whoever possesses it.

Recommended security measures

Microsoft advises users to carefully review their daily habits to protect against such attacks. Disabling the AutoRun feature on Windows devices, avoiding the use of unknown USB drives, and meticulously verifying each character in a wallet address before confirming any transfer are among the recommended precautions. Furthermore, hardware wallets that operate offline are highlighted as one of the most reliable methods for safeguarding seed phrases and digital assets.

Microsoft’s previous warnings and operations

This is not the first time Microsoft has issued warnings concerning threats targeting crypto users. Previously, the company alerted the public about two npm packages—[email protected] and [email protected]—that contained hidden malicious components. These tools collected keystrokes and screenshots through remote access malware, later leaking wallet credentials externally.

In May 2025, Microsoft led a globally coordinated operation against the Lumma Stealer group, which had been active since late 2022. As part of the initiative, authorities seized 2,300 malicious domains, while the US Department of Justice took steps to dismantle central control panels and dark web marketplaces associated with the group.

Acting under a court order, Microsoft’s Digital Crimes Unit seized 2,300 domains, while Europol EC3 and Japan’s JC3 halted operations of remaining servers across Europe and Asia.

Recent findings underline a resurgence of security threats distributed via physical carriers, posing renewed challenges for cryptocurrency users. The combination of USB-based infection and clipboard address replacement techniques has made it more important than ever for individual investors to implement diligent verification processes before finalizing any transaction.

Ömer Ergin, 20 June, 2026 - 12:14 am