USB worm spreads crypto-stealing malware via Windows shortcut files

A USB worm spreads clipboard-stealing malware that replaces cryptocurrency wallet addresses with attacker-controlled ones. Active since February, it uses LNK files on USB drives, monitors for seed phrases and private keys, captures screenshots every ten seconds, and communicates over Tor. Microsoft detailed the infection chain.