Kaspersky has identified malware circulating on SourceForge disguised as Microsoft Office Add-Ins, which tricks users into sending cryptocurrency to attackers. The malware, named ClipBanker, replaces wallet addresses copied to the clipboard with those of the attackers, making the theft go unnoticed until funds are lost. Most victims are expected to be in Russia, though the malware’s reach could extend globally as it is found alongside English download links. This threat is part of a broader trend of crypto-related attacks, exemplified by malware targeting the bitcoinlib Python library, which is used for developing Bitcoin wallets. Kaspersky’s researchers emphasize the importance of avoiding untrusted software downloads and stress that downloading from unofficial sources carries significant security risks. They have noted that approximately 4,604 Russian users encountered this malware from January to March 2025.

Source 🔗