Plugging in the USB immediately gets you infected; this attack chain is too dirty—clipboard hijacking + address replacement + worm propagation—the triple threat. You’d better check if your computer has any unfamiliar scheduled tasks.

View Original
CoinNetwork
GoPlusSecurity: Warning — Cryptocurrency Clipboard Hijacker Detected
GoPlusSecurity warns that active cryptocurrency clipboard hijackers from February 2026 onward, combined with clipboard theft, wallet address replacement, and worm propagation, can achieve long-term access and control over infected devices.
The attack is distributed via malicious USB, monitoring new USB devices and creating malicious shortcuts; placing double-obfuscated JavaScript payloads in c:\users\public\documents\ and setting up scheduled tasks; communicating with renamed Tor clients and .onion domains; monitoring clipboard for mnemonics and private keys and exfiltrating them, while also taking screenshots; supporting multiple wallet address formats for replacement, with replaced addresses similar to the original, making detection difficult.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned