Malicious actors are attempting to steal crypto with malware embedded in fake Microsoft Office extensions uploaded to the software hosting site SourceForge, according to cybersecurity firm Kaspersky.
One of the malicious listings, called “officepackage,” has real Microsoft Office add-ins but hides a malware called ClipBanker that replaces a copied crypto wallet address on a computer’s clipboard with the attacker’s address, Kaspersky’s Anti-Malware Research Team said in an April 8 report.
“Users of crypto wallets typically copy addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up somewhere entirely unexpected,” the team said.
The fake project’s page on SourceForge mimics a legitimate developer tool page, showing the office add-ins and download buttons and can also appear in search results.
Kaspersky said it found a crypto-stealing malware on the software hosting website SourceForge. Source: <a data-ct-non-breakable="null" href="https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/" rel="null"