Sabi ng Microsoft
Published on an article June 17, 2026, may malware ngayon maaring mag-spread through USB. It swaps copied crypto wallets' addresses to the attacker's addresses before you paste them.
How it works:
Magse-send ka ng crypto and copies a wallet address (true and valid one). Before you can paste that on a hot wallet or a withdrawal address input field, mapapalitan agad ito ng ibang wallet address (attacker's address).
If you don't notice the change in wallet address, you might end up sending coins/tokens to the attacker's address. *Poof, crypto gone.
Possible preventions.
1. Don't use USBs?
2. Use Linux.
But, if nasa windows ka parin.
3. Disable USB auto-run/auto-play
Press Win + I to open the Settings app.
Select Bluetooth & devices from the left sidebar, then click on AutoPlay.
Toggle the Use AutoPlay for all media and devices switch to Off.
For the remaining dropdown menus (Removable drive and Memory card), select Take no action.
4. Disable block .lnk file execution
Press Win + R, type secpol.msc and press Enter to open the Local Security Policy tool.
In the left panel, navigate to Security Settings > Software Restriction Policies.
If no policies are listed, right-click on Software Restriction Policies and select New Software Restriction Policies.
Right-click on Additional Rules in the right-hand panel and select New Path Rule.
In the path field, enter *.lnk and set the Security level to Disallowed.Click Apply and OK.
5. Crypto contact address
Some crypto wallets have features to add a crypto contact wallet address. Makes it easy to send crypto without copy/paste.
Electrum, Metamask, Ledger Live, and many other wallets have this feature.
6. Always turn on your AV or Malware prevention app. Kahit MS Defender 'lang, ok na din 'yan.
7. Lastly, always verify the wallet address before sending the coin/token.
Sources:
https://x.com/CoinDesk/status/2067907729088274706https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/
