Close Menu
iNews Zoombangla
  • Bangladesh
  • World
  • Tech
  • Business
  • Sports
  • Entertainment
  • Bangla
Facebook X (Twitter) Instagram
iNews Zoombangla
  • Bangladesh
  • World
  • Tech
  • Business
  • Sports
  • Entertainment
  • Bangla
iNews Zoombangla
Home English Business Technology Cyber Security Microsoft Warns CryptoBandits Malware Hijacks Crypto Wallets Through USB Drives
Business Cyber Security English Technology

Microsoft Warns CryptoBandits Malware Hijacks Crypto Wallets Through USB Drives

By Bhuiyan Md TomalJune 20, 20263 Mins Read

Microsoft’s Threat Intelligence team has identified a sophisticated new malware strain that spreads via USB drives and silently drains cryptocurrency wallets, the company warned in a detailed security advisory published Friday, urging users and organizations to review their endpoint security settings immediately.

The malware, which Microsoft has named CryptoBandits, has been active since at least February and has been confirmed in attacks across 14 countries, with the highest concentrations in the United States, Germany, South Korea, and Brazil. Microsoft estimates the malware has resulted in the theft of more than $45 million in cryptocurrency assets from individual and institutional victims.

CryptoBandits spreads through infected USB drives, exploiting a vulnerability in how Windows processes certain file types when a drive is connected. Once a USB device carrying the malware is plugged into a computer, the software installs itself silently in the background without requiring the user to open or execute any file. This characteristic makes it unusual among credential-stealing malware, which typically requires a user to click on a malicious link or attachment.

Microsoft Warns CryptoBandits Malware Hijacks

Advertisement

After installation, CryptoBandits monitors clipboard activity and replaces any cryptocurrency wallet address copied by the user with an attacker-controlled address. This means a victim who intends to transfer funds to a trusted wallet instead sends them to the attacker’s address without realizing the substitution occurred. The malware is designed to match the address format precisely, including length and prefix, making the swap difficult to notice at a glance.

The malware also performs a secondary function, scanning the infected system for wallet software, browser extensions used to access Web3 applications, and locally stored wallet seed phrases. If found, this data is exfiltrated to a command-and-control server within 60 seconds of discovery.

Microsoft said CryptoBandits had evaded detection by major antivirus engines for several months because it used fileless techniques, operating largely within system memory rather than writing recognizable executable files to disk. The company said it had worked with antivirus vendors to update signature databases and that most major security products could now detect the threat.

The company recommended that organizations disable USB AutoRun policies through Group Policy, restrict USB port access on corporate devices, and enable Microsoft Defender’s tamper protection. Individual users were advised to verify cryptocurrency wallet addresses character by character before confirming any transaction, rather than relying on a visual spot-check of the first and last few characters. Recent cryptocurrency phishing campaigns had already conditioned many users to check URLs carefully, but clipboard substitution attacks require a different kind of vigilance.

Researchers at Kaspersky and Mandiant independently confirmed the existence of the malware and corroborated Microsoft’s technical description. Mandiant said it had observed CryptoBandits being distributed through counterfeit USB drives mailed to cryptocurrency company employees in what appeared to be targeted initial access operations, as well as through infected drives shared unknowingly in office environments.

The origin of the malware has not been formally attributed. Microsoft’s advisory noted similarities with techniques used by financially motivated threat actors based in Eastern Europe, but the company said it had not reached a definitive attribution conclusion. Microsoft’s security blog contains full indicators of compromise for security teams to use in their threat-hunting operations.

The FBI issued a complementary alert Friday recommending that anyone who had plugged an unfamiliar USB device into a computer in recent months run a full security scan and check their cryptocurrency transaction history for unauthorized transfers.

fXinmwalink@tg
Zoom Bangla News
Zoom Bangla News
inews.zoombangla.com
Follow

Follow iNews Zoombangla On Google

Open the Google follow page and tap the checkmark option to receive more updates from iNews Zoombangla in your Google news feed.

Follow iNews Zoombangla On Google
2026 CryptoBandits Cryptocurrency Cybersecurity malware Microsoft USB
Bhuiyan Md Tomal
  • Website
  • Facebook
  • X (Twitter)
  • Instagram

Bhuiyan Md Tomal is a journalist at Zoom Bangla News, contributing to news writing and editorial support. He works to ensure accuracy, clarity, and consistency in published content for digital audiences. His approach reflects a commitment to responsible journalism and quality reporting.

Related Posts
Nissan Tekton India launch

Nissan Tekton Launches in India at Rs 10.49 Lakh

July 10, 2026
Black Ops PS5 launch

Call of Duty Black Ops 1 and 2 Launch on PlayStation 5 Today

July 10, 2026
Panda Express Swicy menu return

Panda Express Brings Back Swicy Menu Items After Fan Demand

July 10, 2026

Latest News

Nissan Tekton India launch

Nissan Tekton Launches in India at Rs 10.49 Lakh

Black Ops PS5 launch

Call of Duty Black Ops 1 and 2 Launch on PlayStation 5 Today

Panda Express Swicy menu return

Panda Express Brings Back Swicy Menu Items After Fan Demand

Evil Dead Burn July 10

Evil Dead Burn Opens July 10 With Deadites, Grief, and Sam Raimi Horror

Samsung Galaxy Z Flip 7

Samsung Galaxy Z Flip 7 Drops July 25: Bigger Screen, 31-Hour Battery

Samsung Galaxy Unpacked July 22

Samsung Galaxy Unpacked July 22: Z Fold 8, Z Flip 8 Coming to London

Microsoft 365 Copilot July updates

Microsoft 365 Copilot Gets 40+ Updates in July: Claude Support, New Interface

BMW iX7 electric flagship launch

BMW iX7 Electric Flagship Launches in US: $106,200 Starting Price

Apple iPhone Fold September crease-free

Apple iPhone Fold September 2026 Launch Confirmed Crease-Free Display

Google Pixel 10 Pro Fold IP68 durability

Google Pixel 10 Pro Fold IP68 Durability And Qi2 Magnetic Charging Lead Foldable Innovation

 

Inews

iNews Zoombangla is your trusted destination for fast, accurate, and relevant English news. We cover Bangladesh, world affairs, technology, business, sports, entertainment, lifestyle, science, and research for English-language readers. iNews Zoombangla is the English news edition of ZooBangla.

  • About Us
  • Contact Us
  • Career
  • Advertise
  • DMCA
  • Privacy Policy
  • Feed
  • Authors
  • Editorial Team Info
  • Ethics Policy
  • Correction Policy
  • Fact-Checking Policy
  • Funding Information
© 2026 ZoomBangla Pvt Ltd. - Powered by ZoomBangla

Type above and press Enter to search. Press Esc to cancel.

tgXwa