Crypto users targeted in SourceForge malware attack via fake Microsoft Office softwares


CryptoSlate, 2025/04/09 11:45
By: Oluwapelumi Adejumo

Cybercriminals are targeting crypto users by exploiting SourceForge, a well-known open-source software platform.

According to security experts at Kaspersky, malicious attackers upload fake Microsoft Office installers packed with hidden malware, including crypto miners and clipboard hijackers, to deceive unsuspecting users.

They noted that while the SourceForge project pages appear legitimate, the danger lies in their auto-generated subdomains. In one instance, Russia’s Yandex search engine indexed a fake domain, leading unsuspecting users to a page filled with counterfeit Office tools and download buttons.

[Image: Sample Search Query Results on SourceForge. (Source: SecureList)]

Data from Kaspersky indicates that more than 4,600 incidents were recorded in the first quarter of 2025, with 90% of the affected users in Russia.

It was unclear if this attack had led to significant financial losses for crypto users.

The attack

In this attack, the hackers upload weaponized software to SourceForge’s project pages. These pages mimic legitimate Office-related tools, but the installers contain embedded scripts that deliver harmful payloads.

The trap begins with a small archive file named vinstaller.zip, only around 7MB. This is suspicious, as genuine Office software is significantly larger—even when compressed.

However, once the file is unzipped, it balloons into a 700MB installer packed with hidden scripts. These scripts silently fetch additional files from GitHub and scan the system for antivirus tools.
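The size mismatch described above (a roughly 7MB archive that unpacks to about 700MB) can be checked before anything is extracted. The following is an added example, not code from the article or from Kaspersky: it reads only the ZIP directory and flags members that expand far more than real software would. The thresholds, function names and the `installer.msi` sample name are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed thresholds (not from the article): flag members that expand
# at least 50x and to at least 100 MB once unpacked.
RATIO_LIMIT = 50
SIZE_LIMIT = 100 * 1024 * 1024


def inflated_members(zip_bytes, ratio_limit=RATIO_LIMIT, size_limit=SIZE_LIMIT):
    """Return (name, compressed, uncompressed, ratio) for suspicious members.

    Only the ZIP central directory is read, so nothing is extracted or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.compress_size == 0:
                continue
            ratio = info.file_size / info.compress_size
            # Real binaries rarely compress beyond a few x; padding does.
            if ratio >= ratio_limit and info.file_size >= size_limit:
                findings.append(
                    (info.filename, info.compress_size, info.file_size, round(ratio))
                )
    return findings


def build_sample(padding_bytes):
    """Constructed sample: a tiny fake 'installer' padded with null bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("readme.txt", "constructed sample, not a real installer\n")
        archive.writestr("installer.msi", b"MZ-constructed" + b"\x00" * padding_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    # Scaled-down demo: 5 MB of padding, with the size threshold lowered to 1 MB.
    sample = build_sample(5 * 1024 * 1024)
    for name, packed, unpacked, ratio in inflated_members(sample, size_limit=1024 * 1024):
        print(f"{name}: {packed} B packed -> {unpacked} B unpacked (~{ratio}x)")
```

A nested or encrypted archive hides its inner sizes from this check, so it has to be repeated on each extracted layer inside an isolated analysis environment.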

If no protection is detected, the installer loads crypto mining software and a clipbanker Trojan.

According to the blog post:

“ClipBanker is a malware family that replaces cryptocurrency wallet addresses in the clipboard with the attackers’ own. Users of crypto wallets typically copy addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up somewhere entirely unexpected.”

At the same time, one of the scripts sends user information to a Telegram bot, giving the hacker full access to sensitive data.

This campaign highlights how hackers leverage trusted platforms to bypass security systems and spread malware at scale.

The post Crypto users targeted in SourceForge malware attack via fake Microsoft Office softwares appeared first on CryptoSlate.
