Hackers Exploit Fake Microsoft Office Add-ins to Spread Crypto Miner and Wallet-Stealing Trojan

In a recent security alert, Kaspersky researchers have uncovered a unique malware distribution scheme exploiting Sourceforge, a popular software hosting platform. Attackers have created a project named “officepackage” that appears to offer Microsoft Office add-ins but instead leads users to download malicious software. The scheme involves redirecting users from a seemingly legitimate Sourceforge page to a deceptive site where they are prompted to download a suspicious archive. This archive contains a Windows Installer file that, when executed, initiates a complex infection chain, ultimately deploying a cryptocurrency miner and the Clipbanker Trojan, which replaces cryptocurrency wallet addresses in the clipboard with those of the attackers. The operation primarily targets Russian-speaking users, with telemetry indicating that over 4,600 individuals encountered the scheme in just a few months.