Microsoft flags CryptoBandits malware active since at least February 2026 that steals crypto wallets via infected USB drives

Microsoft has warned about a sophisticated crypto-stealing malware campaign dubbed CryptoBandits that has been active since at least February 2026. The malware spreads through infected USB drives and can hijack wallet addresses by replacing copied destinations. It also targets seed phrases and private keys to gain full access to victims’ wallets.