Microsoft Warns of New Crypto Clipper Malware That Acts Like a Worm

• Crypto Clipper uses Tor for secret commands, spreads like a worm, and opens backdoors.
• With Tor, attackers can hide their tracks and make it harder to be shut down.
• Hackers have been using malicious shortcut files (.lnk) to infect devices since Feb 2026.

Microsoft Threat Intelligence team has released a report on a new, highly advanced Crypto Clipper malware campaign that goes beyond the standard clipboard hijacking techniques.

Unlike older clipper malware that simply swaps cryptocurrency wallet addresses, this campaign uses Tor for secret commands, spreads like a worm, digs in deep, and opens backdoors, making it a much larger threat.

Crypto clippers used to be seen as pretty basic malware. In a typical clipper attack, the victim copies a crypto wallet address, the malware monitors the clipboard, swaps it for the attacker’s address, and the victim ends up sendi…

Read The Full Article Microsoft Warns of New Crypto Clipper Malware That Acts Like a Worm On Coin Edition.