Crypto users targeted in SourceForge malware attack via fake Microsoft Office softwares
Cybercriminals are targeting crypto users by exploiting SourceForge, a well-known open-source software platform.
According to security experts at Kaspersky, malicious attackers upload fake Microsoft Office installers packed with hidden malware, including crypto miners and clipboard hijackers, to deceive unsuspecting users.
They noted that while the SourceForge project pages appear legitimate, the danger lies in their auto-generated subdomains. In one instance, Russia’s Yandex search engine indexed a fake domain, leading unsuspecting users to a page filled with counterfeit Office tools and download buttons.
Data from Kaspersky indicates that more than 4,600 incidents were recorded in the first quarter of 2025, with 90% of the affected users in Russia.
It was unclear if this attack had led to significant financial losses for crypto users.
The attack
In this attack, the hackers upload weaponized software to SourceForge’s project pages. These pages mimic legitimate Office-related tools, but the installers contain embedded scripts that deliver harmful payloads.
The trap begins with a small archive file named vinstaller.zip, only around 7MB. This is suspicious, as genuine Office software is significantly larger—even when compressed.
However, once the file is unzipped, it balloons into a 700MB installer packed with hidden scripts. These scripts silently fetch additional files from GitHub and scan the system for antivirus tools.
If no protection is detected, the installer loads crypto mining software and a clipbanker Trojan.
According to the blog post:
“ClipBanker is a malware family that replaces cryptocurrency wallet addresses in the clipboard with the attackers’ own. Users of crypto wallets typically copy addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up somewhere entirely unexpected.”
At the same time, one of the scripts sends user information to a Telegram bot, giving the hacker full access to sensitive data.
This campaign highlights how hackers leverage trusted platforms to bypass security systems and spread malware at scale.
The post Crypto users targeted in SourceForge malware attack via fake Microsoft Office softwares appeared first on CryptoSlate.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Rachel Reeves says UK trade ties with Europe ‘even more important’ than the US
Share link:In this post: UK Chancellor Rachel Reeves suggested that Britain’s trade connections with the EU are more important than with the US. The chancellor said that getting closer to the EU on trade matters is of higher priority despite her current focus on negotiations with the Trump administration. She also noted that it is important for the UK to rebuild its trading relationships with its immediate neighbors in Europe.
Nike sued over abrupt shutdown of RTFKT NFT unit
Share link:In this post: Nike is being sued by a group of buyers over the sudden shutdown of its NFT unit, RTFKT, in December 2024. Plaintiffs claim they lost money because their Nike-themed NFTs dropped in value after the shutdown. The group seeks over $5 million in damages under various state consumer protection laws.
Federal Reserve eases restrictions on crypto banking rules
SEC chair outlines plan to revise crypto rules
Trending news
MoreCrypto prices
More
