> TritonInfoSec News
Home / Jun 20, 2026 / Story
0
#7 The Hacker News general June 18, 2026 at 14:30 UTC

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

By [email protected] (The Hacker News)

AI Summary

Microsoft detailed a cryptocurrency clipper campaign active since February 2026 that spreads via USB LNK worm files and uses Windows Script Host and ActiveX to launch a bundled Tor proxy, communicating with hidden-service C2 infrastructure. The malware monitors clipboard content to hijack crypto wallet addresses and has self-spreading capabilities across air-gapped or isolated environments. The use of Tor for C2 complicates network-based detection and blocking.

Read full article → https://thehackernews.com/2026/06/microsoft-detail…

Relevance score: 79.0/100

# More from June 20

  1. 1
    CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices The Hacker News
  2. 2
    Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites The Hacker News
  3. 3
    CISA: Splunk Enterprise flaw actively exploited, patch by Sunday BleepingComputer
  4. 4
    Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain The Hacker News
  5. 5
    Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data The Hacker News
  6. 6
    F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution The Hacker News
  7. 8
    The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes The Hacker News
  8. 9
    Texas govt data breach exposes over 3 million driver’s licenses BleepingComputer
  9. 10
    Critical Command Execution Vulnerability Patched in Cisco ISE SecurityWeek