
Crypto Miners Sneak Into Microsoft Office via SourceForge Hack!
Date: 2025-04-09 07:29:43 | By Lydia Harrow
Hackers Hijack SourceForge to Unleash Crypto Chaos!
SourceForge's Trust Exploited for Malicious Crypto Mining and Clipboard Hijacking
Hold onto your digital wallets, folks! Cybercriminals are pulling a fast one, using SourceForge's project domains to sling trojanized Office installers packed with crypto-mining tools and clipboard hijackers. It's a digital heist like no other!
SourceForge: The Unwitting Launchpad for Malware Mayhem
Get this: a slick new malware campaign is turning SourceForge's own infrastructure into a launchpad for infection. These crafty hackers are using the platform's developer-friendly tools to trick unsuspecting users into downloading malicious crypto software. It's a wild ride from trusted platform to malware minefield!
Kaspersky Uncovers the Crypto-Targeting Scheme
According to the sharp minds at Kaspersky, this scheme is laser-focused on crypto users. They're disguising malware as office-related downloads, complete with bloated installers, password-protected archives, and layers of obfuscation. Once you're hooked, it delivers a crypto miner and a ClipBanker that hijacks your crypto transactions. It's a double whammy of digital doom!
The "Officepackage" Ruse: A Fake Project with Real Consequences
In a bombshell blog post on Tuesday, April 8, Kaspersky researchers spilled the beans on how attackers set up a fake project on SourceForge called "officepackage." It's made to look like legit Microsoft Office add-ins copied from GitHub. But don't be fooled—the real trap is its auto-generated subdomain "officepackage.sourceforge.io." Search engines like Russia's Yandex fell for it, and when users visited, they saw a fake list of office apps with download buttons that kicked off the malware infection. It's a digital wolf in sheep's clothing!
From Fake Downloads to Bloated Installers: The Malware Journey
Clicking those fake download links sends users on a wild ride through several redirects before they land on a small zip file. But once you unzip it, bam! It expands into a monstrous 700MB installer. Talk about a digital surprise!
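For defenders, the small-zip-to-huge-installer pattern and the password-protected archives mentioned above can be checked before anything is unpacked. The sketch below is an added example, not code from this article or from Kaspersky; the thresholds, file names and the triage_zip function are assumptions made for illustration, and the sample archive is constructed in memory.

```python
import io
import zipfile

RATIO_LIMIT = 50             # assumed: inflated/compressed ratio worth a look
SIZE_LIMIT = 500 * 1024**2   # assumed: flag members that inflate past 500 MB
INSTALLER_EXT = (".msi", ".exe")

def triage_zip(data, ratio_limit=RATIO_LIMIT, size_limit=SIZE_LIMIT):
    """Return flagged members using central-directory metadata only.

    Nothing is decompressed or executed, so this can run on an
    untrusted download before anyone opens it.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.flag_bits & 0x1:          # general-purpose bit 0 = encrypted
                reasons.append("encrypted")
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio >= ratio_limit:
                reasons.append("high-ratio")
            if info.file_size >= size_limit:
                reasons.append("oversized")
            # An installer is only noteworthy alongside another signal.
            if reasons and info.filename.lower().endswith(INSTALLER_EXT):
                reasons.append("installer")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "ratio": round(ratio, 1), "reasons": reasons})
    return findings

def build_sample():
    """Constructed sample: a tiny ZIP whose .msi member is zero padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("installer.msi", b"\x00" * (8 * 1024**2))
        zf.writestr("readme.txt", "constructed sample, not from the campaign")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print(len(sample), "bytes on disk")
    # Lower size limit so the 8 MB constructed member trips the check.
    for hit in triage_zip(sample, size_limit=4 * 1024**2):
        print(hit)
```

The sizes are the values the archive itself declares, so treat the output as a triage hint for a mail or download gateway, not as a verdict.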
The Installer's Hidden Agenda: Crypto Malware Unleashed
When you launch that installer, hidden scripts sneakily grab more files from GitHub, eventually unpacking malware that checks for antivirus tools before running. If the coast is clear, it installs tools like AutoIt and Netcat. One script sends your system info straight to a Telegram bot, while another makes sure the crypto-mining malware sticks around. It's a digital invasion you never saw coming!
Russia Bears the Brunt: 90% of Victims and Counting
Kaspersky says a whopping 90% of affected users are in Russia, with over 4,600 hits between January and March. While this campaign is all about stealing crypto funds, researchers warn that infected machines might also be sold to other threat actors. It's a digital double-cross that's hitting hard!
