Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Beware, these dangerous fake Microsoft Office add-ons are spreading malware

A white padlock on a dark digital background.

  • Kaspersky found a new malicious campaign leveraging SourceForge
  • The campaign distributed a crypto miner and a clipboard jacker
  • SourceForge said the attack was quickly stopped

Hackers tried using SourceForge to distribute malware, but thanks to the platform’s swift reaction, a major escalation seems to have been averted.

Security researchers Kaspersky said they spotted a “rather unique” malware distribution scheme in which a fake Microsoft Office project, called ‘officepackage’, was uploaded to the main website sourceforge.net.

Officepackage was advertised as a compilation of Microsoft Office add-in development tools. Its description and files are a copy of the legitimate Microsoft project ‘Office-Addin-Scripts’, it was said, which can be found on GitHub.

"No malicious files hosted"

In reality, the files serve as a malware dropper, a cryptocurrency miner, and a clipboard jacker.

Kaspersky said the threat actors can use the files deployed through the project to drop additional malware on compromised endpoints, or to use their computing power to mine cryptocurrencies.

Furthermore the files keep track of the clipboard for copied crypto addresses and replace them with the ones belonging to the attackers, on paste.

For those unaware of SourceForge, it is a popular website that hosts open-source software projects, and provides hosting, comparison, and distribution services.

Kaspersky said that before being pulled, the malware infected 4,604 systems, most of which are in Russia.

SourceForge, on the other hand, says that its platform wasn’t broken into: "There were no malicious files hosted on SourceForge and there were no breaches of any kind,” the project’s president, Logan Abbott, said in a written statement.

“The malicious actor and project in question were removed almost immediately after it was discovered. All files on SourceForge.net (the main website, not the project website subdomains) are scanned for malware and that is where users should download files from. Regardless, we’ve put additional safeguards in place so that project websites using free web hosting cannot link to externally hosted files or use shady redirects in the future."

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.