Beware, these dangerous fake Microsoft Office add-ons are spreading malware
Date:
Wed, 09 Apr 2025 12:30:00 +0000
Description:
Someone tried abusing SourceForge to distribute malware but was quickly stopped.
FULL STORY ======================================================================
Kaspersky found a new malicious campaign leveraging SourceForge
The campaign distributed a crypto miner and a clipboard jacker
SourceForge said the attack was quickly stopped
Hackers tried using SourceForge to distribute malware, but thanks to the platform's swift reaction, a major escalation seems to have been averted.
Earlier this month, security researchers at Kaspersky said they spotted a rather unique malware distribution scheme in which a fake Microsoft Office project, called officepackage, was uploaded to the main website sourceforge.net.
Officepackage was advertised as a compilation of Microsoft Office add-in development tools. Its description and files are a copy of the legitimate Microsoft project Office-Addin-Scripts, it was said, which can be found on GitHub.
"No malicious files hosted"
In reality, the files serve as a malware dropper, a cryptocurrency miner, and a clipboard jacker. Kaspersky said the threat actors can use the files deployed through the project to drop additional malware on compromised endpoints, or to use their computing power to mine cryptocurrencies. Furthermore, the files monitor the clipboard for copied crypto addresses and, on paste, replace them with addresses belonging to the attackers.
For those unaware of SourceForge, it is a popular website that hosts open-source software projects, and provides hosting, comparison, and distribution services.
Kaspersky said that before being pulled, the malware infected 4,604 systems, most of which are in Russia.
SourceForge, on the other hand, says that its platform wasn't broken into: "There were no malicious files hosted on SourceForge and there were no breaches of any kind," the project's president, Logan Abbott, said in a written statement shared with BleepingComputer.
"The malicious actor and project in question were removed almost immediately after it was discovered. All files on SourceForge.net (the main website, not the project website subdomains) are scanned for malware and that is where users should download files from. Regardless, we've put additional safeguards in place so that project websites using free web hosting cannot link to externally hosted files or use shady redirects in the future."
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/beware-these-dangerous-fake-microsoft-office-add-ons-are-spreading-malware
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)