Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins

Last updated: April 9, 2025 03:42 EDT

Author

Sujha Sundararajan

Author

Sujha Sundararajan

About Author

Sujha has been recognised as Women In Crypto 2024 by BeInCrypto for her leadership in crypto journalism.

Last updated:

April 9, 2025 03:42 EDT

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas – from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Fake Microsoft Extensions Embed Malware to Steal Crypto: Report

Cybersecurity firm Kaspersky has flagged a new sophisticated malware that steals crypto using fake Microsoft Office add-ins. These legit-looking extensions are uploaded to SourceForge, a website hosting platform, with descriptions copied from the legitimate GitHub project.

Per the malware description posted on Tuesday, appears with the SourceForge domain name and web hosting. “Pages like that are well-indexed by search engines and appear in their search results,” Kaspersky cybersecurity experts wrote.

Dubbed “officepackage,” the extension displays a list of office applications complete with version numbers and “Download” buttons.

Fake Downloads are Smaller in Size, Raises “Red Flags”

Kaspersky noted that the downloads are roughly seven-megabyte in size. “This raises some red flags, as office applications are never that small, even when compressed.”

The download pages takes victims to another page with a download button, containing a password-protected archive. However, the zip file after downloading the software exceeds 700 megabytes.

Attackers use the pumping technique to inflate the file size to look legit by appending junk data, Kaspersky flagged.

“As users seek ways to download applications outside official sources, attackers offer their own,” the report said. “They keep looking for new ways to make their websites look legit.”

Kaspersky Finds ‘ClipBanker’ Malware

The firm highlighted that the campaign injects the ClipBanker trojan through SourceForge. “ClipBanker is a malware family that replaces cryptocurrency wallet addresses in the clipboard with the attackers’ own,” it explained.

Crypto wallet users usually copy addresses rather than typing them. With the ClipBanker malware, the victim’s money will end up somewhere entirely unexpected.

Further, attackers could also sell system access to more dangerous actors apart from stealing cryptos.

“We advise users against downloading software from untrusted sources. If you are unable to obtain some software from official sources for any reason, remember that seeking alternative download options always carries higher security risks,” Kaspersky warned.

Credit: Source link

What's Hot

Best AI-Powered Meme Coins for 2025: Can $FPEPE Outrun the Pack?

PEPE Eyes 150% Jump To Grab Liquidity At $0.000025 After Bouncing Off ‘Powerful Support’

CertiK Validates FUNToken’s Smart Contract Strength With “AA” Upgrade

Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins

Tether Partners with Adecoagro for Renewable-Powered Bitcoin (BTC) Mining in Brazil

40+ Fake Firefox Wallet Extensions Are Stealing Your Crypto, Koi Security Warns

Binance Pay Lights Up Riviera with 80+ Stablecoin Stores