Hackers Exploit Fake Microsoft Office Add-ins to Spread Crypto Miner and Wallet-Stealing Trojan

In a recent security alert, Kaspersky researchers have uncovered a unique malware distribution scheme exploiting Sourceforge, a popular software hosting platform. Attackers have created a project named “officepackage” that appears to offer Microsoft Office add-ins but instead leads users to download malicious software. The scheme involves redirecting users from a seemingly legitimate Sourceforge page to a deceptive site where they are prompted to download a suspicious archive. This archive contains a Windows Installer file that, when executed, initiates a complex infection chain, ultimately deploying a cryptocurrency miner and the Clipbanker Trojan, which replaces cryptocurrency wallet addresses in the clipboard with those of the attackers. The operation primarily targets Russian-speaking users, with telemetry indicating that over 4,600 individuals encountered the scheme in just a few months.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到[email protected]，本平台相关工作人员将会进行核查。