Cryptocurrency Users Targeted by Malware on SourceForge

Coin World
Thursday, Apr 10, 2025 6:44 am ET

Cybercriminals have been exploiting SourceForge, a well-known open-source software platform, to target cryptocurrency users with malicious software disguised as legitimate Office add-ins. This campaign, identified by security experts at Kaspersky, involves the distribution of fake tools that install malware on victims' computers, primarily affecting users in Russia.

The malicious software, known as ClipBanker, operates by monitoring the computer's clipboard. When a user copies a cryptocurrency wallet address, ClipBanker replaces it with an address controlled by the attacker. If the user proceeds with the transaction without noticing the change, their funds are redirected to the hacker's wallet. This method of address swapping is particularly insidious as it exploits the trust users place in copied information.
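The address swap described above can also be caught from the defender's side. The following is an added example, not code from Kaspersky or from the original article: it scans a clipboard history for one wallet-shaped value being replaced by a different value of the same shape faster than a person could copy a second address. The address patterns, the one-second threshold and the sample timeline are assumptions made for this illustration.

```python
import re

# Address shapes are an assumption of this example; the article does not
# say which currencies ClipBanker matches.
ADDRESS_SHAPES = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_family(text):
    """Return the family name if the whole clipboard value is address-shaped."""
    value = text.strip()
    for family, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(value):
            return family
    return None

def find_swaps(events, max_gap=1.0):
    """Flag address-to-address replacements that occur within max_gap seconds.

    events: (timestamp_seconds, clipboard_text) pairs in time order.
    max_gap is a tunable guess, not a value taken from the article.
    """
    alerts = []
    prev_time, prev_text = None, None
    for when, text in events:
        if prev_text is not None and text.strip() != prev_text.strip():
            family = address_family(prev_text)
            if (family is not None and family == address_family(text)
                    and when - prev_time <= max_gap):
                alerts.append({"at": when, "family": family,
                               "copied": prev_text.strip(),
                               "replaced_by": text.strip()})
        prev_time, prev_text = when, text
    return alerts

# Constructed clipboard timeline; none of these are real wallet addresses.
SAMPLE_EVENTS = [
    (0.0, "invoice #1042"),
    (5.0, "0x" + "a1" * 20),    # user copies a payee address
    (5.2, "0x" + "b2" * 20),    # swapped 0.2 s later: flagged
    (60.0, "1" + "A" * 30),     # user copies another address
    (95.0, "1" + "B" * 30),     # a different one 35 s later: not flagged
    (120.0, "bc1" + "q" * 39),
    (120.1, "meeting notes"),   # address replaced by ordinary text: ignored
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The time threshold is what separates an automated swap from a user copying two addresses in a row; widening it raises false positives.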

The fake add-ins are hosted on SourceForge and are designed to appear legitimate, complete with real-looking buttons and Office files. This deception allows them to show up in search results and appear trustworthy to unsuspecting users. Kaspersky noted that some of these files are unusually small, which can serve as a warning sign, as genuine Office add-ins are typically much larger, even when compressed.

Once installed, ClipBanker can gather detailed information about the infected device, including the IP address, country, and username, and send this data to the attacker via Telegram. The malware also checks for the presence of antivirus software and may remove itself if detected, making it difficult to trace. In some instances, ClipBanker installs a cryptocurrency miner, using the victim's device to generate digital coins for the attackers. Kaspersky warns that the access gained through this attack could be sold to other malicious actors for further exploitation.

The campaign appears to be primarily targeting Russian users, with the interface of the fake add-ins being in Russian and approximately 90% of affected users located in Russia. This geographic focus suggests a targeted approach by the attackers, leveraging the familiarity and trust users have with SourceForge and Microsoft Office products.

The discovery of this malware campaign highlights the ongoing threat posed by cybercriminals to cryptocurrency users. As the popularity of digital currencies continues to grow, so too does the sophistication of attacks aimed at stealing funds. Users are advised to exercise caution when downloading software from third-party sites and to verify the authenticity of any add-ins or tools before installation. Additionally, keeping antivirus software up to date and being vigilant about unusual file sizes can help mitigate the risk of falling victim to such attacks.
