{"id":21278,"date":"2025-04-09T12:02:03","date_gmt":"2025-04-09T12:02:03","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=21278"},"modified":"2025-04-09T12:02:03","modified_gmt":"2025-04-09T12:02:03","slug":"fake-microsoft-office-extensions-used-to-spread-crypto-stealing-malware-kaspersky-warns","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=21278","title":{"rendered":"Fake Microsoft Office Extensions Used To Spread Crypto-Stealing Malware, Kaspersky Warns"},"content":{"rendered":"
\n

Cybersecurity firm Kaspersky has <\/span>issued a warning<\/span> about malicious Microsoft Office extensions being used to spread malware that targets cryptocurrency users. <\/span><\/p>\n

The malware, hidden in fake software packages uploaded to SourceForge, is designed to steal funds by altering copied crypto wallet addresses.<\/span><\/p>\n

In its <\/span>April 8 report<\/span><\/a>, Kaspersky\u2019s Anti-Malware Research Team revealed that one malicious listing, called \u201cofficepackage.\u201d It appears to contain legitimate Microsoft Office add-ins but is bundled with a program known as ClipBanker. <\/span><\/p>\n

EXPLORE:\u00a0<\/span>Best New Cryptocurrencies to Invest in 2025<\/span><\/a><\/strong><\/p>\n

Clipboard-Hijacking Malware Swaps Crypto Wallet Addresses To Steal Funds<\/span><\/h2>\n

The malware monitors a user\u2019s clipboard and, if it detects a copied crypto wallet address, replaces it with an address controlled by the attacker.<\/span><\/p>\n

\u201cUsers of crypto wallets typically copy addresses instead of typing them. If the device <\/span>is infected<\/span> with ClipBanker, the victim\u2019s money will end up somewhere entirely unexpected,\u201d Kaspersky\u2019s team stated.<\/span><\/p>\n

The malware campaign <\/span>is designed<\/span> to mimic legitimate software, <\/span>complete<\/span> with a polished page on SourceForge and fake download buttons. <\/span><\/p>\n

The malware also collects sensitive data from infected devices\u2014such as IP addresses, countries, and usernames. These <\/span>are<\/span> sent<\/span> to the attackers via Telegram. Some files in the installer are suspiciously small, while others are padded with junk data to appear more convincing.<\/span><\/p>\n

Kaspersky also found that the malware avoids detection by checking for existing antivirus software and removing itself if identified. While the malware\u2019s primary function is to steal crypto funds via mining and address swapping, the attackers may also sell access to compromised systems to more dangerous actors.<\/span><\/p>\n

The Russian-language interface suggests the malware may be targeting Russian-speaking users specifically. Kaspersky noted that 90% of detected victims <\/span>were <\/span>based<\/span> in Russia, with over 4,600 users affected between January and March 2025.<\/span><\/p>\n

\n

\"\ud83d\udea8\" ALERT: <\/p>\n

A malware disguised as Microsoft Office add-ins on SourceForge is targeting crypto users with a clipboard-hijacking technique, according to Kaspersky.<\/p>\n

The malware replaces copied crypto wallet addresses with the attacker’s address. $sol<\/a> $eth<\/a> #cybercrime<\/a> pic.twitter.com\/p8rLsEbUos<\/a><\/p>\n

\u2014 Tom Bibiyan \"\ud83c\uddfa\ud83c\uddf8\" (@realtombibiyan) April 9, 2025<\/a><\/p>\n<\/blockquote>\n