Windows Clipper Malware: USB LNK Worm & Tor C2
🟠 High | Source: The Hacker News Microsoft has identified an ongoing malware campaign targeting Windows users with a cryptocurrency clipper that silently replaces copied wallet addresses with attacker-controlled ones. The malware, active since February 2026, uses Windows Script Host and ActiveX to launch a bundled Tor proxy, communicating with a dark web command-and-control server to evade detection. The use of USB LNK worm propagation significantly widens the potential blast radius, including air-gapped or enterprise environments where USB devices are in common use. ...