Cybersecurity firm Kaspersky has reported that hackers are using fake Microsoft Office extensions on SourceForge to steal cryptocurrencies. One such malicious extension, named “officepackage,” includes a hidden malware called ClipBanker. This malware replaces the copied wallet address in a user’s clipboard with the attacker’s address, leading to stolen funds. The fake listings mimic legitimate software, making them appear credible. Kaspersky warns that users should only download software from trusted sources, as using pirated programs increases the risk of infection. The report suggests that most victims so far have been in Russia, emphasizing the need for caution in online software downloads.
Malicious actors are using malware hidden in fake Microsoft Office extensions to steal cryptocurrency. This alarming news comes from cybersecurity experts at Kaspersky, who recently reported that these scams are appearing on the software hosting site SourceForge.
One notable fake extension is called “officepackage.” While it includes legitimate Microsoft Office add-ins, it conceals harmful malware named ClipBanker. Once installed, ClipBanker changes a copied cryptocurrency wallet address on the clipboard to the attacker’s address without the user knowing. This means that if a user copies a wallet address to make a transfer, they could accidentally send their funds to the hacker instead.
The fake extension resembles a real developer tool page, making it hard for users to recognize it as fraudulent. It can even show up in search results, making it more likely for users to download it. Kaspersky noted that the malware collects sensitive information from infected devices, including IP addresses and usernames, and sends this data to hackers via Telegram.
Attackers can also remove any signs of other malware or antivirus programs from an infected computer, making it easier for them to maintain their access. This campaign seems to primarily target Russian-speaking users, with most victims identified in Russia.
To protect against these threats, Kaspersky advises users to only download software from trusted sources. Pirated programs and unofficial downloads are far riskier and can lead to serious issues like identity theft and financial loss.
In conclusion, the rise of malware disguised as essential software highlights the need for vigilance when it comes to downloading and installing applications. Stay cautious and always look for reputable sources.
Keywords: cryptocurrency theft, malware, Microsoft Office extensions
Secondary Keywords: Kaspersky, ClipBanker, SourceForge
What is malware in Microsoft Office add-ins?
Malware in Microsoft Office add-ins refers to harmful software hidden within add-in files. These can secretly swap out cryptocurrency addresses, leading to fraudulent transactions.
How does crypto address swapping work?
Crypto address swapping happens when malware changes a cryptocurrency address in your clipboard. When you try to send money, it replaces your intended address with one controlled by the hacker.
How can I tell if an Office add-in is safe?
To check if an Office add-in is safe, look for reviews, check the source, and ensure it has clear permissions. Avoid downloading add-ins from unknown or untrusted websites.
What can I do to protect myself from this threat?
To protect yourself, keep your software updated, use antivirus tools, and be careful when installing add-ins. Always double-check addresses before sending cryptocurrency.
What should I do if I suspect I’ve been infected?
If you think you may have malware, disconnect from the internet and run an antivirus scan immediately. Change your passwords and consider contacting a cybersecurity professional for help.