Cybersecurity firm Kaspersky has flagged a new sophisticated malware that steals crypto using fake Microsoft Office add-ins. These legit-looking extensions are uploaded to SourceForge, a website hosting platform, with descriptions copied from the legitimate GitHub project.
Per the malware description posted on Tuesday, appears with the SourceForge domain name and web hosting. “Pages like that are well-indexed by search engines and appear in their search results,” Kaspersky cybersecurity experts wrote.
Dubbed “officepackage,” the extension displays a list of office applications complete with version numbers and “Download” buttons.
Fake Downloads are Smaller in Size, Raises “Red Flags”
Kaspersky noted that the downloads are roughly seven-megabyte in size. “This raises some red flags, as office applications are never that small, even when compressed.”
The download pages takes victims to another page with a download button, containing a password-protected archive. However, the zip file after downloading the software exceeds 700 megabytes.
Attackers use the pumping technique to inflate the file size to look legit by appending junk data, Kaspersky flagged.
“As users seek ways to download applications outside official sources, attackers offer their own,” the report said. “They keep looking for new ways to make their websites look legit.”
Kaspersky Finds ‘ClipBanker’ Malware
The firm highlighted that the campaign injects the ClipBanker trojan through SourceForge. “ClipBanker is a malware family that replaces cryptocurrency wallet addresses in the clipboard with the attackers’ own,” it explained.
Crypto wallet users usually copy addresses rather than typing them. With the ClipBanker malware, the victim’s money will end up somewhere entirely unexpected.
Further, attackers could also sell system access to more dangerous actors apart from stealing cryptos.
“We advise users against downloading software from untrusted sources. If you are unable to obtain some software from official sources for any reason, remember that seeking alternative download options always carries higher security risks,” Kaspersky warned.
The post Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins appeared first on Cryptonews.
