Summary: Threat actors are distributing cryptocurrency miner and clipper malware disguised as cracked software on SourceForge, particularly targeting Russian-speaking users looking for Microsoft Office. A recent report details how malicious ZIP files and PowerShell scripts drive the infection chain, ultimately leading to the deployment of the miner and clipper. Additionally, a campaign using a malware downloader called TookPS has been identified, indicating a broader effort to compromise users' systems with various forms of malicious software.
Affected: SourceForge, Russian-speaking users, cybersecurity
Key points:
- Malicious payloads are distributed as cracked software, primarily targeting Microsoft Office users on SourceForge.
- Infected ZIP files contain scripts that execute additional malware and establish remote access to victims' computers.
- A related campaign impersonates legitimate sites to distribute other malware, including TookPS and ThunderShell.
Source: https://thehackernews.com/2025/04/cryptocurrency-miner-and-clipper.html