Summary: Cybercriminals have exploited SourceForge, a well-known platform for hosting open-source software, to distribute sophisticated malware disguised as legitimate Microsoft Office enhancements. A recent Kaspersky Labs report detailed a deceptive campaign that combined a ClipBanker Trojan with a cryptocurrency miner, targeting users through a cloned project that lured them into executing malicious files. The attack appears focused on Russian-speaking victims and uses low-tech tactics to evade detection while establishing persistent access to infected systems.
Affected: SourceForge, Microsoft Office users, potentially any users downloading software from SourceForge
Key points:
- Attackers created a fake project titled “officepackage” on SourceForge whose name collides with that of an authentic GitHub repository.
- A multi-stage infection process is initiated by clicking a misleading “Download” button, which delivers a series of components that compromise the user's system.
- The malware includes a ClipBanker Trojan that hijacks cryptocurrency wallet addresses and utilizes multiple persistence mechanisms to maintain a foothold on infected machines.
- Most victims appear to be from Russian-speaking regions, with a deliberate strategy to target them using familiar language and false legitimacy.