Hackers Hide Crypto-Stealing Malware in Fake Microsoft Add-ins
- Jun hao
- Apr 10
- 1 min read
Published: April 10, 2025
Cybersecurity firm Kaspersky has recently uncovered a disturbing new tactic used by cybercriminals to steal cryptocurrency. According to their report published on April 8, hackers are embedding malware into fake Microsoft Office add-ins hosted on SourceForge, a well-known platform for open-source software.
One particular fake project titled “officepackage” appears to contain real Office extension files, but secretly installs a malware known as ClipBanker. This malicious software monitors the user’s clipboard, and if it detects a copied crypto wallet address, it automatically replaces it with the attacker’s own address — potentially causing users to unknowingly transfer funds to the hacker.
“Users of crypto wallets typically copy addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up somewhere entirely unexpected,” said Kaspersky’s Anti-Malware Research Team.
Furthermore, once the malware infects a device, it can transmit sensitive system data — such as IP address, country, and user login — to attackers via Telegram. The fake add-in project is cleverly designed to resemble a legitimate Office extension download page, making it even harder for users to detect.
Stay Safe Tip: Always download software and extensions from official websites or verified sources. Be cautious of links from forums or unfamiliar platforms.
Source: Kaspersky Official Report
What Is MyITS?
MyITS (My Intelligent Trading Solutions), we combine real-time market insights with advanced algorithms to deliver smarter crypto trading strategies. Whether it’s long-term automated spot trading or short-term futures, MyITS helps you navigate the ever-evolving crypto market with confidence. Join Us Now: https://www.myits.co/
