USB crypto-malware. Beware

[julerz12]

Sabi ng Microsoft ^{Published on an article June 17, 2026}, may malware ngayon maaring mag-spread through USB. It swaps copied crypto wallets' addresses to the attacker's addresses before you paste them.

How it works:
Magse-send ka ng crypto and copies a wallet address (true and valid one). Before you can paste that on a hot wallet or a withdrawal address input field, mapapalitan agad ito ng ibang wallet address (attacker's address).
If you don't notice the change in wallet address, you might end up sending coins/tokens to the attacker's address. *Poof, crypto gone.

Possible preventions.
1. Don't use USBs?  
2. Use Linux.  

But, if nasa windows ka parin.
3. Disable USB auto-run/auto-play

Press Win + I to open the Settings app.
Select Bluetooth & devices from the left sidebar, then click on AutoPlay.
Toggle the Use AutoPlay for all media and devices switch to Off.
For the remaining dropdown menus (Removable drive and Memory card), select Take no action.

4. Disable block .lnk file execution

Press Win + R, type secpol.msc and press Enter to open the Local Security Policy tool.
In the left panel, navigate to Security Settings > Software Restriction Policies.
If no policies are listed, right-click on Software Restriction Policies and select New Software Restriction Policies.
Right-click on Additional Rules in the right-hand panel and select New Path Rule.
In the path field, enter *.lnk and set the Security level to Disallowed.Click Apply and OK.

5. Crypto contact address
Some crypto wallets have features to add a crypto contact wallet address. Makes it easy to send crypto without copy/paste.
Electrum, Metamask, Ledger Live, and many other wallets have this feature.
6. Always turn on your AV or Malware prevention app. Kahit MS Defender 'lang, ok na din 'yan.
7. Lastly, always verify the wallet address before sending the coin/token.

Sources:
https://x.com/CoinDesk/status/2067907729088274706
https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/

[SFR10]

2. Use Linux.  

Para sa ganitong uri ng malware, effective ito, pero kung tama ang pagkakaalala ko, may ibang Linux-based crypto-malware din ^{[unfortunately, walang bulletproof na OS]}.

7. Lastly, always verify the wallet address before sending the coin/token.

This... Isa sa pinakamalaking pagkakamali ng mga newcomers is first few characters lang ang vineverify nila ^{[it's worth noting na kahit similar din ang first at ang last few characters, it can still belong to the attacker]}!

[rbynxx]

5. Crypto contact address
Some crypto wallets have features to add a crypto contact wallet address. Makes it easy to send crypto without copy/paste.
Electrum, Metamask, Ledger Live, and many other wallets have this feature.

Since yung gamit ko mostly ay through Electrum > Binance, minaigi ko na talagang naka-add siya as contact, pero afaik, kamakailan lang naiba yung depo address ko, kaya mainam din na i-check ang emails sa mga trusted CEXs na ginagamit dahil it could be retired pag nag-upgrade yung wallet infra nila, for example nalang sa Binance.

[Russlenat]

Sa akin naman, Electrum lang usually ang gamit ko. Syempre copy paste lang tayo para mas safe, pero hindi ko agad tinutuloy yung transaction. I always do preview first, then check the address before finally pushing it through.

Nabiktima na rin kasi ako ng malware before and I lost all the funds I had, kaya hindi na yan mangyayari ulit.

By the way, about Electrum, okay lang ba na hindi muna mag-update? Yung version kasi na gamit ko is 4.5.8 pa lang and hindi ako sure ano na yung pinaka-latest ngayon. So far okay pa naman siya, and medyo hindi rin naman ganun kalaki yung funds ko. Kung ma-hack man, hindi masyadong masakit, just asking lang.

[coin-investor]

6. Always turn on your AV or Malware prevention app. Kahit MS Defender 'lang, ok na din 'yan.
7. Lastly, always verify the wallet address before sending the coin/token.

Ako, I fully emphasize: mabagal o matagal ako mag-send, to the point na fully check ko muna yung address na sinesendan ko sa umpisa, sa middle, at sa huli. Nag-iispend ako ng mahigit 5 minutes sa mga transactions ko para lang ma-fully verify at hindi magkamali, lalo na kapag malalaking halaga.
Mula nang una akong naging aware sa clip malware na 'yan, naging conscious na ako sa mga wallet address. Habit lang naman ito hanggang sa makasanayan mo na.

[blockman]

Kaya mag check lang din before sending at tignang maigi kung may napalitan bang characters bago mag send. Balak ko pa naman bumili ng flashdrive online. I-checheck ko nalang din maigi kung galing sa official distributor or supplier para siguradong hindi tampered. At dahil windows naman ang OS at may defender naman, okay na din siya para sa akin para makadetect ng mga virus. Dahil naka ilang scan na ako at kahit hindi naman ako mag scan, nagau-auto detect kung merong problema at may nadetect siya. Ang problema lang kung hindi niya madetect kapag nakapenetrate na kasi may mga false alarms din si defender minsan.

[Asuspawer09]

Malware ba siya, pero alam ko may ganito na talagang virus noong last last year pa or similar siguro sa ganitong method, alam ko nagkadiscussion na rin nun dito sa forum about sa new method na nangyayare, about sa pagcopy paste ng address then yung mga owner nagugulat dahil kinopy paste naman nila pero sa ibang address nila nasesend, kaya mamamali ka talaga ng input lalo na kapag hindi mo dinodouble check ang mga transactions mo before sending.

Itong USB ba is flashdrives? So ibig sabihin kelangan masaksak muna ang flashdrive bago magawa itong method na ito? so if own mo naman ang computer safe naman dito sa ganitong method since hindi ka naman nagsasaksak ng flashdrive madalas ng hindi sayo most of the time, siguro sa mga laptop at work lang, masokey siguro hiwalay nalang din yung laptop mo na for crypto used lang na may wallets.

[Peanutswar]

Wait so basically once na nag plug ka ng usb drive mo tapos nag transact ka ng is ibang address mangyayari upon pasting so meaning same ito sa process ng clipboard hijack or malware pero this time may intervention naman ng USB drive tama ba pag kakaintindi ko?

Most likely mga vulnerabilities na ito ng mga OS that they need to patch agad eh.

5. Crypto contact address
Some crypto wallets have features to add a crypto contact wallet address. Makes it easy to send crypto without copy/paste.
Electrum, Metamask, Ledger Live, and many other wallets have this feature.

Since yung gamit ko mostly ay through Electrum > Binance, minaigi ko na talagang naka-add siya as contact, pero afaik, kamakailan lang naiba yung depo address ko, kaya mainam din na i-check ang emails sa mga trusted CEXs na ginagamit dahil it could be retired pag nag-upgrade yung wallet infra nila, for example nalang sa Binance.

Kaya ako ginagawa ko nag copy muna ako address tapos ilalagay ko sya sa excel and then dun na ako magkakaroon ng comparison if cell1 address = c2 address lalabas ba is True or false para sure na tama ung copied eh.

[arwin100]

Sabi ng Microsoft ^{Published on an article June 17, 2026}, may malware ngayon maaring mag-spread through USB. It swaps copied crypto wallets' addresses to the attacker's addresses before you paste them.

How it works:
Magse-send ka ng crypto and copies a wallet address (true and valid one). Before you can paste that on a hot wallet or a withdrawal address input field, mapapalitan agad ito ng ibang wallet address (attacker's address).
If you don't notice the change in wallet address, you might end up sending coins/tokens to the attacker's address. *Poof, crypto gone.

Possible preventions.
1. Don't use USBs?  
2. Use Linux.  

But, if nasa windows ka parin.
3. Disable USB auto-run/auto-play

Press Win + I to open the Settings app.
Select Bluetooth & devices from the left sidebar, then click on AutoPlay.
Toggle the Use AutoPlay for all media and devices switch to Off.
For the remaining dropdown menus (Removable drive and Memory card), select Take no action.

4. Disable block .lnk file execution

Press Win + R, type secpol.msc and press Enter to open the Local Security Policy tool.
In the left panel, navigate to Security Settings > Software Restriction Policies.
If no policies are listed, right-click on Software Restriction Policies and select New Software Restriction Policies.
Right-click on Additional Rules in the right-hand panel and select New Path Rule.
In the path field, enter *.lnk and set the Security level to Disallowed.Click Apply and OK.

5. Crypto contact address
Some crypto wallets have features to add a crypto contact wallet address. Makes it easy to send crypto without copy/paste.
Electrum, Metamask, Ledger Live, and many other wallets have this feature.
6. Always turn on your AV or Malware prevention app. Kahit MS Defender 'lang, ok na din 'yan.
7. Lastly, always verify the wallet address before sending the coin/token.

Sources:
https://x.com/CoinDesk/status/2067907729088274706
https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/[/size]

Heard this for long time kabayan at so far wala na akong nababalitaan na nabiktima nito or di kaya undocumented lang at ayaw na mag report ng mga nabiktima pa.

Pero goods parin tong thread mo to give an update about this matter at tsaka turaan ang mga kababayan natin kung sa paano ang dapat nilang gawin tungkol sa bagay nato.

Kaya dapat talaga maalam sa mga ganitong bagay para iwas mabiktima ng agnitong schemes antalino pa naman ng mga mandurugas na gumagawa ng mga ganyan.

[tech30338]

Naalala ko ung dati naming client wla na ginawa kubdi mavirus mga pc nila dahil sa kakagamit ng usb na galing sa labas in short pasaway, pero ung tower namin hindi natitinig ung mga virus hindi mkatakbo sa server tukog sila na parang nasuntok, un nga lang once may magmap.sa drive sa server yari sila, pero sila din may kasalanan, pinakamagnda ang usb ay gamitin lang if kaya sa iisa device wag kung saan saan gamitin.

[lionheart78]

Sa akin naman, Electrum lang usually ang gamit ko. Syempre copy paste lang tayo para mas safe, pero hindi ko agad tinutuloy yung transaction. I always do preview first, then check the address before finally pushing it through.

Nabiktima na rin kasi ako ng malware before and I lost all the funds I had, kaya hindi na yan mangyayari ulit.

By the way, about Electrum, okay lang ba na hindi muna mag-update? Yung version kasi na gamit ko is 4.5.8 pa lang and hindi ako sure ano na yung pinaka-latest ngayon. So far okay pa naman siya, and medyo hindi rin naman ganun kalaki yung funds ko. Kung ma-hack man, hindi masyadong masakit, just asking lang.

Ok lang naman hindi magupdate ng version ng electrum as long as walang announced na vulnerability patch ng mga nakaraang version.  Medyo hesitant din ako na magupdate ng electrum wallet after ng incident years ago kung saan na hijack ang updating system ng electrum, way back 2018 yata iyon. 

Pero syempte much better pa rin ang fully updaed para hindi na mag-alala, iyon nga lang ay dapat pa rin nating iverify ang update since nakita naman natin na pwedeng mahijack ang internal update ng software na nanggagaling mismo sa wallet command.

Itong USB crypto-malware parang katulad ng clipboard hijacker na nakainstall sa autorun feature ng USB.  Ang mga hacker talaga ginagamit ang lahat ng resources na pwede nilang magamit para makapanghack.  Kaya need talaga nating mag-ingat at ifully verify ang bawat address na icopy ng maraming beses para makasigurado tayo na tama ang patutunguhan ng ipapadala natin.