- ClipBanker malware targets crypto users via SourceForge.
- Over 4,600 Russian-speaking users affected.
- No major cryptocurrency market disruption reported.

Kaspersky has identified a malware operation targeting cryptocurrency users, primarily Russian speakers, through fake Microsoft Office add-ins on SourceForge between January and March 2025.
The incident highlights the vulnerability of cryptocurrency users to malware attacks, especially those relying on unofficial software downloads. The Kaspersky Anti-Malware Research Team stated:
“Distributing malware disguised as pirated software is anything but new. As users seek ways to download applications outside official sources, attackers offer their own. They keep looking for new ways to make their websites look legit.”
Although individual crypto transactions are targeted, there has been no significant disruption in major cryptocurrencies.
Key players
Kaspersky is among the key players that identified the campaign, which was facilitated by fake Microsoft Office add-ins. The attackers aim to hijack clipboard data and redirect cryptocurrency funds.
The ClipBanker malware was distributed through SourceForge, impacting over 4,600 users. It primarily affected individuals by substituting wallet addresses during transactions; blockchain networks themselves were not affected.
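The address substitution described above can be surfaced from clipboard history. The following is an added example, not code from Kaspersky or from the original article: it flags an address-shaped clipboard value that is replaced by a different address within a short window. The address patterns, the two-second window and the sample events are assumptions constructed for illustration.

```python
import re

# Address shapes are assumptions: the page does not say which coins were targeted.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}
SWAP_WINDOW = 2.0  # seconds; hypothetical threshold, tune for your environment

def classify(text):
    """Return (family, normalized_value), or (None, None) if not address-shaped."""
    value = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            # Ethereum hex is case-insensitive; checksum re-casing is not a swap.
            return family, value.lower() if family == "eth" else value
    return None, None

def find_swaps(events, window=SWAP_WINDOW):
    """Flag an address replaced by a different one within `window` seconds.
    events: time-ordered (timestamp_seconds, clipboard_text) tuples."""
    alerts = []
    prev = None  # (timestamp, normalized_value) of the last address seen
    for ts, text in events:
        family, value = classify(text)
        if family is None:
            prev = None  # ordinary text breaks the address-to-address sequence
            continue
        if prev and value != prev[1] and ts - prev[0] <= window:
            alerts.append({"time": ts, "family": family,
                           "copied": prev[1], "replaced_by": value})
        prev = (ts, value)
    return alerts

# Constructed clipboard history (not real addresses or real telemetry).
SAMPLE_EVENTS = [
    (10.0, "quarterly report draft"),
    (42.0, "0x" + "ab" * 20),      # user copies a payee address
    (42.3, "0x" + "cd" * 20),      # replaced 0.3 s later: flagged
    (90.0, "0x" + "AB" * 20),      # copied again, different casing
    (90.2, "0x" + "ab" * 20),      # same address re-cased: not flagged
    (300.0, "1" + "A1b2C3" * 5),   # a different address minutes later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison applies manually: check the pasted destination address against the original before confirming a transfer.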
The financial impact remains undetermined, but losses are presumed significant given the number of affected users. No immediate regulations have been imposed, although security firms are alert to the threat.
Kaspersky’s warning emphasizes the importance of downloading from trusted sources. This attack represents a broader trend of leveraging platforms like SourceForge and Telegram for malware distribution. A report on the SourceForge campaign from cybersecurity analysts confirmed this, stating that the campaign leveraged SourceForge by creating a deceptive project page resembling legitimate developer tools.
As crypto users face ongoing threats, increased attention to cybersecurity best practices is recommended. Vigilance against unofficial downloads and awareness of the new ways threats are made to look legitimate are crucial in maintaining security.