Source: Cointelegraph
According to cybersecurity company Kaspersky, malicious actors are attempting to steal cryptocurrency by embedding malware in fake Microsoft Office plugins that are uploaded to the software hosting site SourceForge.
One of the malicious listings, named "officepackage," contains legitimate Microsoft Office plugins but hides malware called ClipBanker, which replaces cryptocurrency wallet addresses copied to the computer's clipboard with the attacker's address, Kaspersky's anti-malware research team stated in a report on April 8.
"Cryptocurrency wallet users typically copy addresses instead of typing them manually. If a device is infected with ClipBanker, the victim's funds will flow to completely unexpected places," the team said.
The pages of the fake projects on SourceForge mimic legitimate development tool pages, displaying Office add-ons and download buttons, and may also appear in search results.
Kaspersky reported the discovery of cryptocurrency theft malware on the software hosting site SourceForge. Source: Kaspersky
Kaspersky noted that another feature of the malware infection chain is sending information about infected devices, such as IP addresses, countries, and usernames, to hackers via Telegram.
The malware can also scan the infected system to check whether antivirus software is installed, and it can remove itself.
Kaspersky indicated that some files in the fake downloads are very small, raising "red flags because Office applications have never been that small, even when compressed."
Other files are filled with junk data to convince users that they are viewing a legitimate software installer.
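The two file-level red flags above (downloads far too small for what they claim to be, and files bulked out with junk) can be checked before anything is executed. The sketch below is an added example, not code from Kaspersky's report or the original article. It assumes the junk is low-entropy filler such as repeated bytes, which the article does not specify, and its thresholds and sample inputs are constructed for illustration.

```python
import hashlib
import zlib


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for real installer content."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def longest_run(data: bytes) -> int:
    """Length of the longest run of a single repeated byte value."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def triage(data: bytes, claimed_min_size: int) -> list[str]:
    """Return red flags for a download that claims to be a large application.

    claimed_min_size: smallest plausible size for the advertised software
    (an assumption the analyst supplies; hypothetical parameter).
    """
    flags = []
    if len(data) < claimed_min_size:
        flags.append("too_small")
    if data:
        # Genuine installers hold compressed payloads and barely shrink further;
        # filler collapses to almost nothing. The 0.10 cut-off is illustrative.
        ratio = len(zlib.compress(data, 6)) / len(data)
        if ratio < 0.10 or longest_run(data) > len(data) // 2:
            flags.append("padded")
    return flags


# Constructed samples, not real malware or real installers.
TINY = pseudo_random(7_000)                       # "Office" archive of a few KB
PADDED = pseudo_random(4_000) + b"\x00" * 300_000  # small payload plus filler
NORMAL = pseudo_random(300_000)                   # dense, installer-like content

if __name__ == "__main__":
    for name, blob in (("tiny", TINY), ("padded", PADDED), ("normal", NORMAL)):
        print(name, triage(blob, claimed_min_size=100_000))
```

A flag here is a reason to stop and inspect the file, not a verdict: legitimate sparse or uncompressed files can also compress well.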
The company stated that attackers ensure access to infected systems through "various methods, including unconventional ones."
"While the attacks primarily target cryptocurrency through the deployment of mining programs and ClipBanker, attackers may sell system access to more dangerous actors."
The interface is in Russian, leading Kaspersky to speculate that its targets are Russian users.
"Our telemetry data shows that 90% of potential victims are in Russia, where 4,604 users encountered this scam between early January and the end of March," the report noted.
To avoid becoming a victim, Kaspersky recommends downloading software only from trusted sources, as pirated programs and alternative download options carry higher risks.
"Disguising malware as pirated software for distribution is not a new phenomenon," the company stated. "As users look for ways to download applications outside of official sources, attackers provide their own. They are constantly seeking new ways to make their sites appear legitimate."
Other companies are also warning about new forms of malware targeting cryptocurrency users.
Threat Fabric reported on March 28 that it discovered a new family of malware capable of launching a fake overlay to deceive Android users into providing their cryptocurrency seed phrases, as it takes over the device.