Microsoft Exposes Windows Clipper Malware Campaign Using USB Worm.

Microsoft's security team has uncovered a sneaky malware campaign that's been secretly stealing cryptocurrency from Windows users since February 2026, using a clever combination of a USB worm and a stealthy Tor-based command center. The malware, known as a Windows Clipper, uses Windows Script Host and ActiveX to launch a…

https://osintsights.com/microsoft-exposes-windows-clipper-malware-campaign-using-usb-worm?utm_source=mastodon&utm_medium=social

#WindowsClipperMalware #EmergingThreats #UsbWorm #TorbasedC2 #CryptocurrencyTheft

Mustang Panda (Hive0154) rolled out SnakeDisk (USB worm) + Toneshell9/Yokai backdoor to target air-gapped networks (geo-targeted to Thailand). Indicators: hidden SYSTEM/HIDDEN dirs on USB, robocopy/SHFileOperation usage, payloads reconstructed in C:\Users\Public\, scheduled tasks for persistence. Immediate mitigations: enforce approved read-only media, disable autorun, monitor WM_DEVICECHANGE/IOCTL, block DLL sideloading, and scan media in isolated sandboxes.

Follow @technadu for IOCs & response playbooks.

#MustangPanda #USBWorm #AirGapSecurity #ThreatIntel #EDR #IR #InfoSec #Malware

#USBworm unleashed by Russian state #hackers spreads worldwide | Ars Technica

#LitterDrifter 's means of self-propagation are simple. So why is it spreading so widely?
#usb #worm #russia

https://arstechnica.com/security/2023/11/normally-targeting-ukraine-russian-state-hackers-spread-usb-worm-worldwide/

USB worm unleashed by Russian state hackers spreads worldwide

LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?

Ars Technica

A strange USB worm created by Russian hackers,
Has spread far since its latest attackers.
The method's quite simple,
It's spread with a stumble.

#usbworm #russianhackers #cybersecurity #poetry

https://arstechnica.com/security/2023/11/normally-targeting-ukraine-russian-state-hackers-spread-usb-worm-worldwide/

Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government - The group has added a management console and a USB worming function to its main malware, Crimson R... https://threatpost.com/transparent-tribe-ongoing-spy-campaign-military-government/158515/ #transparenttribe #vulnerabilities #militarytargets #cyberespionage #spearphishing #cyberattacks #spycampaign #government #crimsonrat #datatheft #malware #usbworm #apt
Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government

The group has added a management console and a USB worming function to its main malware, Crimson RAT.

Threatpost - English - Global - threatpost.com