Key points
- CryptoBandits is a Windows-based clipper with backdoor and RCE capabilities.
- The malware has been active in attacks since February 2026.
- It spreads through malicious shortcut (.lnk) files and USB-based propagation.
- A bundled Tor client and local SOCKS5 proxy hide its C&C traffic.
- It steals wallet data and replaces clipboard addresses with attacker-controlled ones.
Read More: https://www.securityweek.com/cryptobandits-malware-doubles-as-a-backdoor-abuses-tor/