Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins

Posted on

Last updated:

Author

Sujha Sundararajan

Author

Sujha Sundararajan

About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Last updated:

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas – from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Fake Microsoft Extensions Embed Malware to Steal Crypto: Report

Cybersecurity firm Kaspersky has flagged a new sophisticated malware that steals crypto using fake Microsoft Office add-ins. These legit-looking extensions are uploaded to SourceForge, a website hosting platform, with descriptions copied from the legitimate GitHub project.

Per the malware description posted on Tuesday, appears with the SourceForge domain name and web hosting. “Pages like that are well-indexed by search engines and appear in their search results,” Kaspersky cybersecurity experts wrote.

Dubbed “officepackage,” the extension displays a list of office applications complete with version numbers and “Download” buttons.

Fake Downloads are Smaller in Size, Raises “Red Flags”

Kaspersky noted that the downloads are roughly seven-megabyte in size. “This raises some red flags, as office applications are never that small, even when compressed.”

The download pages takes victims to another page with a download button, containing a password-protected archive. However, the zip file after downloading the software exceeds 700 megabytes.

Attackers use the pumping technique to inflate the file size to look legit by appending junk data, Kaspersky flagged.

“As users seek ways to download applications outside official sources, attackers offer their own,” the report said. “They keep looking for new ways to make their websites look legit.”

Kaspersky Finds ‘ClipBanker’ Malware

The firm highlighted that the campaign injects the ClipBanker trojan through SourceForge. “ClipBanker is a malware family that replaces cryptocurrency wallet addresses in the clipboard with the attackers’ own,” it explained.

Crypto wallet users usually copy addresses rather than typing them. With the ClipBanker malware, the victim’s money will end up somewhere entirely unexpected.

Further, attackers could also sell system access to more dangerous actors apart from stealing cryptos.

“We advise users against downloading software from untrusted sources. If you are unable to obtain some software from official sources for any reason, remember that seeking alternative download options always carries higher security risks,” Kaspersky warned.

Related Posts

Japanese Police Arrest Suspect Yuta Kobayashi for ¥100 Million Crypto Laundering Scheme

Yuta Kobayashi, a 26-year-old from Japan, was arrested for laundering ¥100M through Monero in a credit card fraud scheme. Japanese authorities linked about 900 fraudulent transactions to his group, marking a significant move in combating cryptocurrency-related financial crimes in Japan.
The post Japanese Police Arrest Suspect Yuta Kobayashi for ¥100 Million Crypto Laundering Scheme appeared first on Cryptonews. …