Microsoft finds USB-spreading crypto wallet malware

A worm called Trojan:Win32/CryptoBandits has been infecting Windows PCs since February via infected USB drives. It monitors the clipboard for seed phrases and private keys, swaps in attacker wallet addresses, and exfiltrates data over Tor. Microsoft urged disabling AutoRun and blocking.lnk execution on USB media.