SourceForge, a popular open-source software development platform, is being abused to distribute malicious cryptocurrency mining tools disguised as Microsoft Office packages.
This campaign, uncovered by researchers at Kaspersky, targets users by creating fake project pages that mimic legitimate software downloads, ultimately leading to the installation of crypto miners and clipboard hijackers.
The attackers set up a fake project on SourceForge called “officepackage,” which appears to offer Microsoft Office add-ins. However, the project’s auto-generated subdomain, “officepackage.sourceforge.io,” is the actual trap. Search engines like Yandex indexed this page, making it visible to users searching for office software. Upon visiting the page, users are presented with a list of fake office apps, complete with download buttons that initiate the malware infection.
Once a user clicks on these fake download links, they are redirected multiple times before receiving a small zip file. Unzipping this file reveals a surprisingly large 700MB installer. When launched, the installer uses hidden scripts to fetch additional files from GitHub, eventually unpacking malware that checks for antivirus software. If no threats are detected, it installs tools like AutoIt and Netcat. One script sends system information to a Telegram bot, while another ensures the persistence of the crypto-mining malware on the system.
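The chain described above leaves a few host-level traces a defender can look for: an archive that unpacks to something vastly larger than itself, AutoIt and Netcat binaries being executed from a temporary directory, and a non-browser process talking to the Telegram bot API. The Python below is an added illustration of those checks; it is not code from the article or from Kaspersky. The expansion-ratio threshold, the tool filenames, the Temp-directory test and all of the sample telemetry (paths, PIDs, process names) are assumptions constructed for the example, and the padded archive is scaled down from the 700MB installer the article describes.

```python
import io
import zipfile

# Heuristics drawn from the reported infection chain. Thresholds and filenames
# below are assumptions for this example, not values from the Kaspersky report.
EXPANSION_RATIO_THRESHOLD = 50                            # assumed tuning value
SUSPICIOUS_TOOLS = ("autoit3.exe", "nc.exe", "ncat.exe")  # assumed AutoIt / Netcat binary names
TELEGRAM_API_HOST = "api.telegram.org"                    # real endpoint used by Telegram bots
BROWSERS = ("chrome.exe", "firefox.exe", "msedge.exe")    # processes expected to talk to Telegram


def build_padded_zip(member_name: str, stub: bytes, pad_len: int) -> bytes:
    """Constructed sample: a zip whose member is a tiny stub padded with zeros,
    so it unpacks to something far larger than the archive itself (scaled down
    from the small zip / 700MB installer pairing described in the article)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, stub + b"\x00" * pad_len)
    return buf.getvalue()


def archive_expansion_findings(zip_bytes: bytes, threshold: float = EXPANSION_RATIO_THRESHOLD) -> list:
    """Flag archive members whose uncompressed/compressed size ratio is extreme.
    Padding a dropper with zeros inflates it on disk while keeping the download
    tiny, and that mismatch shows up as a huge expansion ratio."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.compress_size == 0:
                continue
            ratio = info.file_size / info.compress_size
            if ratio >= threshold:
                findings.append({"member": info.filename,
                                 "uncompressed": info.file_size,
                                 "ratio": round(ratio, 1)})
    return findings


def scan_events(events: list) -> list:
    """Run two host-level checks over process and network telemetry:
    - AutoIt / Netcat binaries executed from a Temp directory
    - a non-browser process connecting to the Telegram bot API
    Returns (rule, pid, detail) tuples in event order."""
    alerts = []
    for ev in events:
        if ev.get("type") == "process":
            image = ev.get("image", "").lower()
            name = image.rsplit("\\", 1)[-1]
            if name in SUSPICIOUS_TOOLS and "\\temp\\" in image:
                alerts.append(("tooling_from_temp", ev["pid"], name))
        elif ev.get("type") == "network":
            proc = ev.get("process", "").lower()
            if ev.get("host") == TELEGRAM_API_HOST and proc not in BROWSERS:
                alerts.append(("telegram_api_from_nonbrowser", ev["pid"], proc))
    return alerts


# Constructed telemetry: paths, PIDs and process names are made up for the example.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\pkg\AutoIt3.exe"},
    {"type": "process", "pid": 4130, "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "network", "pid": 4140, "process": "curl.exe", "host": "api.telegram.org", "port": 443},
    {"type": "network", "pid": 4150, "process": "chrome.exe", "host": "api.telegram.org", "port": 443},
    {"type": "process", "pid": 4160, "image": r"C:\Users\u\AppData\Local\Temp\pkg\nc.exe"},
]


if __name__ == "__main__":
    sample_zip = build_padded_zip("installer.exe", b"MZ-stub", 4 * 1024 * 1024)
    print("archive size:", len(sample_zip), "bytes")
    print("expansion findings:", archive_expansion_findings(sample_zip))
    print("telemetry alerts:", scan_events(SAMPLE_EVENTS))
```

The expansion check is cheap enough to run on every archive an email or download gateway sees, and it does not depend on knowing the dropper's hash. The telemetry checks are deliberately narrow; in production they would be tuned against the environment's own baseline of which processes legitimately reach Telegram and which tools are expected under user Temp directories.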
Kaspersky reports that approximately 90% of affected users are located in Russia, with over 4,600 hits recorded between January and March. The primary goal of this campaign is to steal cryptocurrency funds by exploiting infected machines for mining. However, researchers warn that these compromised systems may also be sold to other threat actors, potentially leading to further malicious activities.
This incident highlights the evolving tactics of cybercriminals in exploiting trusted platforms to spread malware. Users are advised to be cautious when downloading software from unfamiliar sources and to ensure their antivirus software is up-to-date. The use of SourceForge’s infrastructure in this campaign underscores the need for vigilance in the open-source community and the importance of verifying the authenticity of software downloads.
The exploitation of SourceForge to distribute crypto miners via fake Microsoft Office packages is a significant security concern. It emphasizes the importance of cybersecurity awareness and the need for robust protection measures against sophisticated malware attacks. As the threat landscape continues to evolve, staying informed about such tactics is crucial for protecting both personal and financial data.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.