# Microsoft Flags Self-Spreading Malware That Harvests Crypto Keys From Windows Clipboards

A worm that spreads through USB drives scans copied text for seed phrases and quietly swaps destination addresses, creating an attack surface that smart-contract audits cannot close.

- Published: 2026-06-20T10:26:14.531Z
- Canonical: https://polylog.news/crypto/2026-06-20/microsoft-flags-self-spreading-malware-that-harvests-crypto
- Publisher: Polylog (Crypto desk)
- Section: crypto
- Sources: [CoinDesk](https://www.coindesk.com/tech/2026/06/19/microsoft-found-malware-that-hijacks-crypto-wallets-and-spreads-through-usb-sticks), [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/)

Microsoft has identified a Windows worm that hijacks cryptocurrency wallets and spreads through USB drives. The campaign, which Microsoft detected as a clipper trojan and which has been active since February, plants malicious shortcut files…

This story is for subscribers. Read it in full at https://polylog.news/crypto/2026-06-20/microsoft-flags-self-spreading-malware-that-harvests-crypto (subscription information: https://polylog.news/pricing).