Cybersecurity firm Kaspersky has flagged a new, sophisticated malware campaign that steals crypto using fake Microsoft Office add-ins. The legit-looking extensions are uploaded to SourceForge, a software-hosting platform, with descriptions copied from the legitimate GitHub project. Per the description Kaspersky posted on Tuesday, the project is served under a SourceForge domain name and SourceForge web hosting. “Pages like that are well-indexed by search engines and appear in their search results,” Kaspersky’s cybersecurity experts wrote. Dubbed “officepackage,” the project page displays a list of office applications complete with version numbers and “Download” buttons.
Fake Downloads Are Smaller in Size, Raising “Red Flags”
Kaspersky noted that the downloads are roughly seven megabytes in size. “This raises some red flags, as office applications are never that small, even when compressed.” The download pages take victims to another page with a download button, which serves a password-protected archive. However, once the software is downloaded, the zip file exceeds 700 megabytes. Attackers inflate the file size by appending junk data, a “pumping” technique meant to make the file look legit, Kaspersky flagged. “As users seek ways to download applications outside official sources, attackers offer their own,” the report said. “They keep looking for new ways to make their websites look legit.”
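As an added illustration of the “pumping” trick described above (example code written for this page, not Kaspersky’s tooling): the script builds a small constructed ZIP, appends junk after the end-of-central-directory record, and measures how much of the file is padding. The one-member archive, its placeholder content and the 200 KB of padding are constructed sample input.

```python
import io
import random
import struct
import zipfile
from typing import Optional

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record signature
CD_SIG = b"PK\x01\x02"    # central-directory file header signature

def find_eocd(data: bytes) -> Optional[int]:
    """Scan the whole buffer backwards for a valid EOCD record.
    zipfile only inspects the last ~64 KiB, so a big junk tail hides the
    record from it; each candidate is validated against the central directory."""
    pos = data.rfind(EOCD_SIG)
    while pos != -1:
        if pos + 22 <= len(data):
            cd_size, cd_offset = struct.unpack_from("<II", data, pos + 12)
            if cd_offset + cd_size <= pos and data[cd_offset:cd_offset + 4] == CD_SIG:
                return pos
        pos = data.rfind(EOCD_SIG, 0, pos)
    return None

def trailing_junk(data: bytes) -> int:
    """Bytes that follow the archive proper (EOCD record plus its comment)."""
    pos = find_eocd(data)
    if pos is None:
        raise ValueError("no valid EOCD record: not a ZIP, or too damaged to parse")
    comment_len = struct.unpack_from("<H", data, pos + 20)[0]
    return len(data) - (pos + 22 + comment_len)

def is_pumped(data: bytes, min_ratio: float = 0.5) -> bool:
    """Flag an archive whose appended junk makes up most of its size."""
    return trailing_junk(data) / len(data) >= min_ratio

def stdlib_recognises(data: bytes) -> bool:
    """The standard library gives up once the tail exceeds ~64 KiB: a signal in itself."""
    return zipfile.is_zipfile(io.BytesIO(data))

def build_sample(junk_bytes: int) -> bytes:
    """Constructed input: a one-member archive plus deterministic pseudo-random padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("installer.bin", b"\x00" * 1024)  # placeholder content, not a real binary
    return buf.getvalue() + random.Random(7).randbytes(junk_bytes)
```

Run `trailing_junk` and `stdlib_recognises` over a suspect download before opening it; a large ratio, or a file that the standard library no longer recognises as a ZIP, is worth a second look.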
Kaspersky Finds ‘ClipBanker’ Malware
The firm highlighted that the campaign distributes the ClipBanker trojan through SourceForge. “ClipBanker is a malware family that replaces cryptocurrency wallet addresses in the clipboard with the attackers’ own,” it explained. Crypto wallet users usually copy addresses rather than typing them, so with ClipBanker installed the victim’s money ends up somewhere entirely unexpected. Beyond stealing crypto, the attackers could also sell access to infected systems to more dangerous actors. “We advise users against downloading software from untrusted sources. If you are unable to obtain software from official sources for any reason, remember that seeking alternative download options always carries higher security risks,” Kaspersky warned.
The post Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins appeared first on Cryptonews.
Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins
In a rapidly evolving digital landscape, cybersecurity threats continue to proliferate, with malicious actors continuously seeking new ways to exploit vulnerabilities. Recently, Kaspersky, a renowned cybersecurity firm, made headlines by uncovering a sophisticated form of malware that targets cryptocurrency users via fake Microsoft Office add-ins. This revelation underscores the importance of vigilance in cybersecurity, particularly in the realm of financial transactions and cryptocurrency investments.
The Rise of Cryptocurrency Theft
As cryptocurrency gains legitimacy and popularity, it has also become a prime target for cybercriminals. The decentralized nature of digital currencies like Bitcoin, Ethereum, and others makes them appealing due to the potential for anonymity in transactions. Consequently, hacking attempts and thefts have surged, with losses from crypto-related crimes reaching unprecedented levels in recent years. Cybercriminals are constantly developing new tactics to exploit the vulnerabilities associated with these currencies.
The Mechanism of the Attack
Kaspersky’s investigation revealed that these malicious actors are employing a clever strategy by embedding crypto-stealing malware in seemingly harmless files masquerading as Microsoft Office add-ins. These add-ins are legitimate extensions that enhance the functionality of Microsoft Office applications, allowing users to create better documents, spreadsheets, or presentations. However, the malicious versions are crafted to deceive unsuspecting users into downloading and installing them.
Once users inadvertently install these fake add-ins, the malware is activated, often running in the background without the user’s knowledge. The malware primarily works by intercepting clipboard contents, specifically targeting cryptocurrency wallet addresses. This tactic exploits the common behavior of users who often copy and paste wallet addresses rather than typing them manually. Once the malware detects a cryptocurrency address in the clipboard, it automatically replaces it with one controlled by the attacker, diverting the funds to the hacker’s wallet.
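The clipboard-substitution behaviour described here and in the Kaspersky quote above, shown from the detection side as an added example (not code from the page or from Kaspersky): a small guard remembers what the user actually copied and raises an alert when a wallet-format address in the clipboard turns into a different one with no copy action in between. The address patterns, the event feed and the sample addresses are constructed assumptions; a real deployment would wire on_user_copy to a copy hotkey hook and on_poll to a periodic clipboard read.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Format-only address checks (no checksum verification); the patterns are this example's assumption.
WALLET_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{39,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text: str) -> Optional[str]:
    """Return the address format the text matches, or None for ordinary text."""
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.match(text.strip()):
            return kind
    return None

@dataclass
class ClipboardGuard:
    """Remembers what the user copied and flags a wallet address that changed underneath them."""
    last_user_copy: Optional[str] = None
    alerts: List[str] = field(default_factory=list)

    def on_user_copy(self, text: str) -> None:
        # Called from the user's own copy action (e.g. a Ctrl+C hotkey hook).
        self.last_user_copy = text.strip()

    def on_poll(self, clipboard_now: str) -> Optional[str]:
        # Called on a timer with the current clipboard contents.
        now = clipboard_now.strip()
        if self.last_user_copy is None or now == self.last_user_copy:
            return None
        before, after = wallet_kind(self.last_user_copy), wallet_kind(now)
        if before and after:  # an address became a different address with no copy in between
            alert = f"clipboard address swapped ({before} -> {after}): {self.last_user_copy} -> {now}"
            self.alerts.append(alert)
            return alert
        return None

def replay(events: List[Tuple[str, str]]) -> List[str]:
    guard = ClipboardGuard()  # events: ("copy", text) from the user, ("poll", text) from the timer
    for kind, text in events:
        (guard.on_user_copy if kind == "copy" else guard.on_poll)(text)
    return guard.alerts

# Constructed sample: the user copies their ETH address, then a ClipBanker-style swap replaces it.
USER_ADDR = "0x" + "ab" * 20
SWAPPED_ADDR = "0x" + "cd" * 20
SAMPLE_EVENTS = [("copy", "meeting notes"), ("poll", "meeting notes"),
                 ("copy", USER_ADDR), ("poll", USER_ADDR), ("poll", SWAPPED_ADDR)]
```

Ordinary text changing in the clipboard is ignored; only an address-to-different-address change without an intervening user copy is reported, which is exactly the pattern a clipper produces.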
Key Indicators of a Compromised System
Kaspersky highlighted several indicators that users can look for to determine whether their systems may have been compromised. These include unusual performance issues, unexpected pop-ups or notifications, and altered content in documents or emails. Users are also encouraged to keep a close eye on their clipboard and monitor their transactions for any discrepancies that may suggest unauthorized access to their cryptocurrency wallets.
The Prevalence of Fake Add-Ins
The proliferation of fake Microsoft Office add-ins is a troubling trend that Kaspersky has observed. These add-ins often find their way onto popular distribution platforms or are shared through unofficial channels, such as file-sharing websites or social media platforms. They may present themselves under the guise of legitimate add-ins, making them even more difficult to detect.
Given the substantial volume of users who rely on Microsoft Office for everyday tasks, the potential pool of victims becomes alarmingly vast. This makes it imperative for individuals and organizations alike to exercise caution when installing any third-party software, particularly tools that access sensitive information or financial data.
Prevention and Protection Strategies
To guard against these types of threats, Kaspersky emphasizes several best practices. First and foremost, users should ensure that they download software only from official sources or verified developers. This applies not just to Microsoft Office add-ins, but to any software installations.
In addition to cautious downloading practices, maintaining up-to-date antivirus software is crucial. Reliable antivirus programs not only detect known threats but can also help prevent new types of malware from infiltrating systems. Enabling two-factor authentication (2FA) on cryptocurrency wallets adds an additional layer of protection, making it significantly more challenging for cybercriminals to exploit stolen credentials.
Users should also make it a habit to periodically review their clipboard contents and be vigilant about what they are copying and pasting. Adopting a manual approach to entering cryptocurrency wallet addresses, rather than relying on the clipboard, can mitigate the risk of falling victim to clipboard hijacking.
Conclusion
As cyber threats continue to evolve, the findings from Kaspersky about crypto-stealing malware hidden in fake Microsoft Office add-ins serve as a stark reminder of the vulnerabilities present in our digital interactions. The intersection of cybersecurity and cryptocurrency necessitates heightened awareness and diligence among users.
With the rise of malicious tactics aimed at exploiting the expanding realms of digital currency, it is critical that individuals and organizations safeguard their assets and information. By adopting proactive measures and staying informed about potential threats, users can create a stronger defense against the array of cyber risks that continue to emerge in today’s interconnected world. As the old adage goes, "Forewarned is forearmed" — in the realm of cybersecurity, this wisdom has never been more pertinent.
Kaspersky has identified a new strain of malware designed to steal cryptocurrency, cleverly disguised as fake Microsoft Office add-ins. This malware’s primary goal is to infiltrate systems and extract sensitive information related to cryptocurrency wallets, potentially leading to significant financial losses for victims.
The malicious add-ins are often promoted through legitimate channels, making them difficult for users to distinguish from authentic software. Once installed, the malware can operate stealthily, employing various techniques to evade detection while monitoring for crypto-related activities on the infected device.
Users are advised to exercise caution when downloading software, particularly from unofficial sources. Ensuring that all applications are updated regularly and employing reliable security solutions can help mitigate the risks posed by such threats. Awareness of these tactics is crucial for protecting personal and financial information in an increasingly perilous digital landscape.