Fake Microsoft Office add-in tools push malware via SourceForge

Summary: Threat actors are exploiting SourceForge to distribute counterfeit Microsoft Office add-ins that secretly install malware on users’ machines to mine and steal cryptocurrency. Despite SourceForge being a legitimate platform, a recent campaign has affected over 4,600 systems, especially in Russia, using deceptive tactics to lure unsuspecting users. Users are urged to download software only from verified sources and to utilize antivirus tools for additional protection.

Affected: SourceForge users and systems worldwide

Key points:

  • Malware camouflaged as “officepackage” mimics legitimate Microsoft Office add-ins.
  • Victims are directed to a compromised SourceForge page that appears genuine, leading to a ZIP file containing malware.
  • Distributed malware includes a cryptocurrency miner and a clipboard hijacking tool, allowing attackers to exploit compromised systems.

Source: https://www.bleepingcomputer.com/news/security/fake-microsoft-office-add-in-tools-push-malware-via-sourceforge/