Kaspersky Ungkap Malware Pencuri Crypto Tersembunyi di Add-In Palsu Microsoft Office
Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins https://cryptonews.com/news/fake-microsoft-extensions-embed-malware-to-steal-crypto-report/

Kaspersky Flags Crypto-Stealing Malware Hidden in Fake Microsoft Office Add-Ins

Kaspersky, a cybersecurity firm, has issued a warning about a widespread malware campaign targeting users on GitHub. The malware, dubbed "ClipBanker", replaces cryptocurrency wallet addresses in the clipboard with the attackers' own, allowing them to steal victims' cryptocurrencies.

According to Kaspersky, the malware injects the ClipBanker trojan through SourceForge, a website hosting platform. The fake Microsoft Office add-ins uploaded to SourceForge display a list of office applications complete with version numbers and "Download" buttons. However, the downloads are roughly seven-megabyte in size, which raises some red flags as office applications are never that small, even when compressed.

Once downloaded, the zip file contains a password-protected archive, with attackers using the "pumping" technique to inflate the file size to look legit by appending junk data. Kaspersky advises users against downloading software from untrusted sources and warning that seeking alternative download options always carries higher security risks.

Kaspersky warned that the attackers could also sell system access to more dangerous actors apart from stealing cryptos. Users are advised to be cautious when downloading software from untrusted sources and to verify the authenticity of the download by checking the file size and contents.