
Attackers Exploit SourceForge to Spread Crypto-Stealing Software
A recent investigation by Kaspersky has revealed a sophisticated malware distribution campaign abusing the software hosting platform SourceForge. Cybercriminals have used the platform to distribute malware disguised as legitimate software, primarily targeting Russian-speaking users.
The malicious project, named “officepackage” on SourceForge, offered Microsoft Office add-ins sourced from a legitimate GitHub repository. However, clicking the download links redirected users to external sites that delivered malware-laden files. Once installed, the victims’ systems were infected with two types of malware: a cryptocurrency miner and a ClipBanker Trojan.
The cryptocurrency miner covertly uses the victim’s system resources to mine cryptocurrency, degrading system performance and increasing energy consumption. The ClipBanker Trojan monitors the clipboard for cryptocurrency wallet addresses and replaces them with addresses controlled by the attackers, so that funds are redirected to the attackers during cryptocurrency transactions.
The campaign has predominantly targeted Russian-speaking individuals: between early January and late March 2025, 90% of the reported 4,604 victims were located in Russia. The attackers used search engine optimization techniques to ensure their malicious SourceForge pages appeared prominently in search results, increasing the likelihood of user engagement.
Experts advise users to exercise extreme caution when downloading software from online platforms, emphasizing the importance of verifying the authenticity of the source and being wary of unsolicited download links. Furthermore, they highlight that this malware can be sold to more dangerous actors, compromising sensitive information.
As a result, users are encouraged to rely on official sources for software downloads and maintain updated security solutions to detect and prevent malware infections.
It is crucial for online users to remain vigilant and cautious when interacting with any website or platform.
Source: https://fullycrypto.com/attackers-exploit-sourceforge-to-spread-crypto-stealing-software?utm_source=rss&utm_medium=rss&utm_campaign=attackers-exploit-sourceforge-to-spread-crypto-stealing-software