Kaspersky has issued a warning about new malware targeting cryptocurrency users via SourceForge.
Overview of Malware
The Office Package project on SourceForge appears to be legitimate software; however, Kaspersky claims it includes malicious code targeting crypto users. The website officepackage.sourceforge.io looks different from the official project on SourceForge.
Attack Methodology
The malware download process is complex, requiring users to navigate through three URLs before downloading the file. The installation file, installer.msi, appears large, but after stripping junk bytes, its real size is only seven megabytes. Installing this file loads two malicious apps without the user's knowledge: a miner and a ClipBanker that swaps cryptocurrency addresses in the clipboard with the attacker's.
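A triage check for the inflated installer described above, as an added example that is not taken from Kaspersky's report. It assumes the junk bytes are long runs of one repeated byte value (the article does not say what the padding looks like); `padding_report`, `min_run` and the sample data are hypothetical names and constructed input.

```python
import io
import re

# One maximal run of a single repeated byte value (DOTALL so "." matches \n).
_RUN = re.compile(rb"(.)\1*", re.DOTALL)


def padding_report(stream, min_run=64 * 1024, chunk_size=1 << 20):
    """Return (total_bytes, padded_bytes) for a binary stream.

    padded_bytes counts bytes inside runs of one repeated value that are at
    least min_run long. Assumption: filler looks like this; random-looking
    filler would need an entropy or format-aware check instead.
    """
    total = padded = 0
    run_byte, run_len = None, 0
    while chunk := stream.read(chunk_size):
        total += len(chunk)
        for m in _RUN.finditer(chunk):
            if m.group(1) == run_byte:
                # The run continues across a chunk boundary.
                run_len += len(m.group(0))
            else:
                if run_len >= min_run:
                    padded += run_len
                run_byte, run_len = m.group(1), len(m.group(0))
    if run_len >= min_run:  # flush the final run
        padded += run_len
    return total, padded


# Constructed sample: 4096 bytes with no repeated neighbours, 10000 filler
# bytes, then a 3-byte tail. It stands in for a padded installer.
SAMPLE = bytes(range(256)) * 16 + b"\x00" * 10000 + b"END"

if __name__ == "__main__":
    total, padded = padding_report(io.BytesIO(SAMPLE), min_run=1024, chunk_size=4096)
    print(f"size on disk: {total}  filler: {padded}  effective: {total - padded}")
```

A large gap between the on-disk size and the effective size is a reason to examine the file more closely, not a verdict on its own.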
Increase in Address Poisoning Attacks
According to Kaspersky, address poisoning attacks are becoming more common. The first three weeks of March saw losses exceeding $1.2 million due to these attacks. Experts emphasize that the primary solution is to avoid downloading software from untrusted sources.
Kaspersky suggests that this new malware not only targets crypto users but can also be used for broader attacks. Users must remain vigilant and avoid downloading applications from unverified websites.