Beware, these dangerous fake Microsoft Office add-ons are spreading malware

• Kaspersky found a new malicious campaign leveraging SourceForge
• The campaign distributed a crypto miner and a clipboard jacker
• SourceForge said the attack was quickly stopped

Hackers tried using SourceForge to distribute malware, but thanks to the platform’s swift reaction, a major escalation seems to have been averted.

Security researchers Kaspersky said they spotted a “rather unique” malware distribution scheme in which a fake Microsoft Office project, called ‘officepackage’, was uploaded to the main website sourceforge.net.

Officepackage was advertised as a compilation of Microsoft Office add-in development tools. Its description and files are a copy of the legitimate Microsoft project ‘Office-Addin-Scripts’, it was said, which can be found on GitHub.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

"No malicious files hosted"

In reality, the files serve as a malware dropper, a cryptocurrency miner, and a clipboard jacker.

Kaspersky said the threat actors can use the files deployed through the project to drop additional malware on compromised endpoints, or to use their computing power to mine cryptocurrencies.

Furthermore the files keep track of the clipboard for copied crypto addresses and replace them with the ones belonging to the attackers, on paste.

For those unaware of SourceForge, it is a popular website that hosts open-source software projects, and provides hosting, comparison, and distribution services.

Kaspersky said that before being pulled, the malware infected 4,604 systems, most of which are in Russia.

SourceForge, on the other hand, says that its platform wasn’t broken into: "There were no malicious files hosted on SourceForge and there were no breaches of any kind,” the project’s president, Logan Abbott, said in a written statement.

“The malicious actor and project in question were removed almost immediately after it was discovered. All files on SourceForge.net (the main website, not the project website subdomains) are scanned for malware and that is where users should download files from. Regardless, we’ve put additional safeguards in place so that project websites using free web hosting cannot link to externally hosted files or use shady redirects in the future."

Via BleepingComputer

You might also like

• Microsoft warns many big Android apps carry major flaws
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers