Microsoft Details USB LNK Clipper Malware Campaign

Microsoft disclosed a Windows clipper campaign active since February 2026 that uses USB LNK files and a Tor-based C2. The malware deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and performs clipboard theft, screenshot exfiltration, and wallet-address substitution.