Kaspersky Warns Of Crypto-Stealing Malware In SourceForge Microsoft Package

Kaspersky Warns Of Crypto-Stealing Malware In SourceForge Microsoft Package—Here's How to Stay Protected

David Okoya

Sun, Apr 13, 2025, 11:01 AM 4 min read

Kaspersky has recently found crypto-stealing malware disguised as a Microsoft Office package on SourceForge.
While the malware primarily tricks users into sending crypto to bad actors, Kaspersky warns that the threat extends far beyond that.
Thousands of users have encountered this scheme in the past three months.

As crypto adoption grows, so too does interest from bad actors.

In likely evidence of this trend, warnings of security threats have ramped up in recent weeks, from Threat Fabric’s Crocodilus malware warning to Kaspersky‘s recent Triada Trojan warning. In the latest instance, Kaspersky is back with a warning of yet another security risk facing crypto users.

A Malicious “Officepackage”

Kaspersky has recently found crypto-stealing malware disguised as a Microsoft (NASDAQ:MSFT) Office package on SourceForge, a popular software hosting and distribution platform.

Don't Miss:

Maker of the $60,000 foldable home has 3 factory buildings, 600+ houses built, and big plans to solve housing — this is your last chance to become an investor for $0.80 per share.
‘Scrolling To UBI' — Deloitte's #1 fastest-growing software company allows users to earn money on their phones. You can invest today for just $0.26/share with a $1000 minimum.

In a Tuesday blog post, the cybersecurity outfit warned of a project it found on SourceForge called “officepackage,” which posed as a legitimate Microsoft Office add-in project but redirected users to another website to download malware disguised as pirated Microsoft Office applications.

Once downloaded, Kaspersky explains that the malware scans the system for previous infections and antivirus software, deleting itself if it finds either. But if the system passes both checks, the malware quickly sends out a message of key system data through a Telegram API, sets up several re-entry measures and delivers its payload, the so-called ClipBanker.

ClipBanker is a malicious code that replaces cryptocurrency addresses in a system’s clipboard with the attacker’s own. This exploit is particularly potent as crypto users typically copy wallet addresses instead of typing them out to avoid errors. As such, ClipBanker turns what is usually a safety precaution into the user’s undoing.

Trending: It’s no wonder Jeff Bezos holds over $250 million in art — this alternative asset has outpaced the S&P 500 since 1995, delivering an average annual return of 11.4%. Here’s how everyday investors are getting started.

Still, the threat of the officepackage scheme may extend beyond stealing cryptocurrencies.

“While the attack primarily targets cryptocurrency by deploying a miner and ClipBanker, the attackers could sell system access to more dangerous actors,” Kaspersky warned.

Responding to the recent Kaspersky report, SourceForge President Logan Abbot told Cointelegraph that the firm had removed the officepackage software from its platform and put measures in place to prevent future occurrences. But these measures arrived too late for thousands of users.

According to Kaspersky, 4,604 users were affected by the scheme between January and March, with Russians seemingly the primary target as they accounted for 90% of the victims.

See Also: Are you rich? Here’s what Americans think you need to be considered wealthy.

How To Stay Safe From Schemes Like The Officepackage Exploit

While the officepackage scheme is particularly tricky, there are simple measures users can take to stay protected.

For one, as highlighted by Kaspersky, users should stick to official sources for their software as much as possible.

“We advise users against downloading software from untrusted sources. If you are unable to obtain some software from official sources for any reason, remember that seeking alternative download options always carries higher security risks,” the firm stressed.

Another step users can take to stay safe is to have up-to-date antivirus software for prompt and easy malware detection.

Furthermore, users should always double-check wallet addresses before executing transfers to avoid making transfers to unwanted addresses.

Read Next:

Hasbro, MGM, and Skechers trust this AI marketing firm — invest pre-IPO from $0.55 per share now.
Deloitte's fastest-growing software company partners with Amazon, Walmart & Target – Many are rushing to grab 4,000 of its pre-IPO shares for just $0.26/share!

Up Next: Transform your trading with Benzinga Edge's one-of-a-kind market trade ideas and tools. Click now to access unique insights that can set you ahead in today's competitive market.

Get the latest stock analysis from Benzinga?