Hackers hide crypto address-swapping malware in Microsoft Office add-in bundles
Malicious actors are attempting to steal crypto with malware embedded in fake Microsoft Office extensions uploaded to the software hosting site SourceForge, according to cybersecurity firm Kaspersky.
One of the malicious listings, called “officepackage,” has real Microsoft Office add-ins but hides a malware called ClipBanker that replaces a copied crypto wallet address on a computer’s clipboard with the attacker’s address, Kaspersky’s Anti-Malware Research Team said in an April 8 report.
“Users of crypto wallets typically copy addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up somewhere entirely unexpected,” the team said.
The fake project’s page on SourceForge mimics a…
