June 19, 2026

Mars missions and USB malware stealing your crypto wallet

NASA picks Eric Schmidt's Relativity Space for 2028 Mars mission
SPACE

Here's something worth pausing on: the rocket company tasked with NASA's next Mars mission has never successfully launched a rocket to orbit. That's the situation Relativity Space finds itself in — and NASA is betting on them anyway.

NASA has selected Relativity Space to carry its Aeolus payload to Mars in 2028, under a public-private partnership that hands the company responsibility for the spacecraft, the rocket, and all cruise operations between Earth and Mars. The payload itself will study Martian winds, temperatures, dust, and cloud patterns — giving scientists their first daily, global picture of the Martian atmosphere. That's not a small ask from a company still working toward its first successful orbital flight.

The science here is genuinely important. Understanding the Martian atmosphere isn't just academic. When you're trying to land a spacecraft — or eventually a crewed vehicle — on Mars, the atmosphere is what kills you. It's thin enough to be nearly useless for slowing descent, but thick enough to generate unpredictable drag. Better atmospheric data directly improves the odds that future landers, robotic or human, actually survive entry. Aeolus, with its four onboard instruments, is essentially a weather station for a planet we're planning to visit.

Relativity Space's path to this contract is a strange one. The company made headlines a few years ago by launching Terran 1, marketed as the world's first 3D-printed rocket. The launch was a milestone in manufacturing ambition but a failure in practical terms — the rocket didn't make it to orbit. Since then, Relativity has been developing its larger Terran R rocket, which is expected to attempt its first launch sometime later this year.

The company also has new leadership at the top. Eric Schmidt, who ran Google from 2001 to 2011 and has spent the years since becoming one of tech's most prolific defense and deep-tech investors, took over as CEO in 2025. His fingerprints are all over Relativity's sharpened focus on national security and government contracts. Landing a NASA Mars mission is exactly the kind of high-profile anchor contract that gives a startup credibility — and keeps investors patient while the actual rockets get sorted out.

The optimistic read: Relativity has three years to get Terran R operational before the 2028 launch window opens, and NASA clearly believes that's achievable. Mars launch windows are dictated by orbital mechanics and only open every 26 months, so 2028 isn't a soft deadline — miss it and you're waiting until 2030.

The skeptical read: this is a company asking NASA to trust them with a science mission to another planet before they've proven they can reliably reach low Earth orbit. That's a significant leap of faith, even by the freewheeling standards of the commercial space industry.

Either way, watch the Terran R debut closely. That launch will tell you a lot about whether 2028 is a plan or a wish.

Source: The Verge

Microsoft uncovers USB-spreading backdoor that silently steals cryptocurrency
SECURITY

A piece of malware that spreads via USB drives — the kind of attack vector that feels like it belongs in a 2009 threat briefing — is quietly draining cryptocurrency wallets in 2026. Microsoft just flagged it, and the technical details are more sophisticated than the delivery method suggests.

The malware, which Microsoft is calling Crypto Clipper, is a self-propagating worm that hitches rides on USB drives using .lnk files — shortcut files that can quietly execute code when opened. Plug in an infected drive, and the worm checks whether it's already on your machine. If it isn't, it downloads itself through a Tor proxy, installs quietly, and gets to work. It even renames its files on the USB drive to blend in with whatever legitimate files are already there. Old-school delivery, genuinely clever concealment.

Once installed, Crypto Clipper does two things well. First, it monitors your clipboard constantly, scanning for patterns that match cryptocurrency wallet addresses or the 12- and 24-word seed phrases used to recover crypto accounts. When it finds a match, it swaps the copied address for one controlled by the attacker — meaning the next time you paste a wallet address to send funds, you're actually sending them to someone else. Second, it takes five screenshots over ten seconds whenever it detects something interesting, capturing visual context around whatever you were doing.

All of that stolen data — credentials, screenshots, replaced addresses — gets routed back to the attacker through Tor using a SOCKS5 proxy setup. The practical effect is that there's no exposed server IP to trace. No traditional command-and-control infrastructure to block. The whole operation is designed to look like normal encrypted traffic until it's long gone.

What makes Microsoft's write-up worth reading carefully is the framing. They're not describing this as just a crypto stealer — they're calling it a lightweight backdoor. The remote code execution capability means attackers aren't just grabbing what's already on your machine; they can issue new instructions later. That upgrades this from a smash-and-grab to something with longer-term potential for whoever deployed it.

For the average crypto holder, the practical threat is the clipboard hijacking. It's the kind of attack that works precisely because people don't verify wallet addresses character by character before hitting send. A long string of letters and numbers all looks the same at a glance, and attackers know it.

Microsoft Defender for Endpoint and Defender Antivirus both detect components of Crypto Clipper now, so if you're running either, you have some coverage. The broader warning signs to watch for include script interpreters spawning unexpected child processes, proxy activity on localhost port 9050, PowerShell running screen-capture commands, and any indication that clipboard contents are being read or modified.
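
Those warning signs are weak on their own but useful together. The sketch below is an added example, not Microsoft's detection logic: it runs the signs over constructed process and network events and escalates only hosts that show several at once. The event field names, rule names, command-line indicators and threshold are all assumptions.

```python
import re

# Constructed sample telemetry (not real logs). Field names are a hypothetical
# schema; map them to whatever your EDR or Sysmon pipeline emits.
EVENTS = [
    {"type": "process", "host": "ws-01", "parent": "explorer.exe",
     "image": "wscript.exe", "cmdline": "wscript.exe C:\\Users\\Public\\a.js"},
    {"type": "process", "host": "ws-01", "parent": "wscript.exe",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -c $g.CopyFromScreen(0,0,0,0,$b.Size)"},
    {"type": "network", "host": "ws-01", "image": "powershell.exe",
     "dest_ip": "127.0.0.1", "dest_port": 9050},
    {"type": "process", "host": "ws-02", "parent": "explorer.exe",
     "image": "powershell.exe", "cmdline": "powershell.exe Get-ChildItem C:\\Users"},
    {"type": "network", "host": "ws-03", "image": "tor.exe",
     "dest_ip": "127.0.0.1", "dest_port": 9050},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumed indicators: .NET Graphics.CopyFromScreen and the clipboard cmdlets/class.
SCREEN_CAPTURE = re.compile(r"CopyFromScreen", re.I)
CLIPBOARD = re.compile(r"[GS]et-Clipboard|Windows\.Forms\.Clipboard", re.I)
LOOPBACK = {"127.0.0.1", "::1"}

def match_rules(ev):
    """Return the names of the warning signs a single event matches."""
    hits = []
    if ev["type"] == "process":
        cmd = ev.get("cmdline", "")
        if ev.get("parent", "").lower() in SCRIPT_HOSTS:
            hits.append("script_host_child")
        if ev.get("image", "").lower() in POWERSHELL:
            if SCREEN_CAPTURE.search(cmd):
                hits.append("ps_screen_capture")
            if CLIPBOARD.search(cmd):
                hits.append("ps_clipboard_access")
    elif ev["type"] == "network":
        if ev.get("dest_ip") in LOOPBACK and ev.get("dest_port") == 9050:
            hits.append("local_tor_socks")
    return hits

def triage(events, threshold=2):
    """Escalate hosts showing at least `threshold` distinct warning signs."""
    per_host = {}
    for ev in events:
        for name in match_rules(ev):
            per_host.setdefault(ev["host"], set()).add(name)
    return {h: sorted(s) for h, s in per_host.items() if len(s) >= threshold}

if __name__ == "__main__":
    print(triage(EVENTS))
```

A host that only runs a local Tor client (ws-03 in the sample) trips one rule and stays below the threshold, which is the point of correlating the signs per host.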

And maybe, just for old times' sake, be careful about which USB drives you plug in.
Source: Ars Technica
