
Attackers hide address-swapping malware in Microsoft Office add-ins


Malicious actors are trying to steal cryptocurrency with malware bundled in fake Microsoft Office extensions that have been uploaded to SourceForge, according to Kaspersky.

One of the malicious listings, called “OfficePackage”, contains real Microsoft Office add-ins but hides malware called ClipBanker, which replaces a crypto wallet address copied to the computer's clipboard with the attacker’s address, Kaspersky's Anti-Malware Research Team said in an April 8 report.

The team said: “Users of crypto wallets usually copy their addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up in a completely unexpected place.”

The fake project page on SourceForge mimics a legitimate developer tool page, showing the Office add-ins and download buttons, and can also appear in search results.

Kaspersky said it had found cryptocurrency-stealing malware on SourceForge. Source: Kaspersky

Kaspersky said that another feature of the malware's infection chain is sending information about the infected device, such as IP addresses and names, to the attackers through Telegram.

The malware can also scan the infected system for signs that it is already installed, or for antivirus software, and delete itself.

Attackers could sell system access to others

Kaspersky says that some of the files in the fake download are small, which raises “red flags, because office applications are never small, even when they are compressed.”

Other files are padded with junk to convince users that they are looking at a genuine software installer.
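The two red flags Kaspersky describes, a file too small to be an office installer and a file bulked out with junk, can be checked before a download is run. The Python sketch below is an added example, not code from Kaspersky's report; the size floor, the entropy threshold and the treatment of junk as low-entropy filler are assumptions, and the sample files are constructed.

```python
import math
import random
from collections import Counter

# Assumed thresholds (not from the report); tune them per product.
MIN_PLAUSIBLE_SIZE = 50 * 1024 * 1024  # floor for a real office installer
CHUNK = 4096                           # bytes examined per window
LOW_ENTROPY_BITS = 1.0                 # below this a window counts as filler
PADDING_RATIO = 0.5                    # share of filler windows that flags a file

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0 for constant data, up to 8 for random data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def padding_ratio(data: bytes, chunk: int = CHUNK) -> float:
    """Fraction of fixed-size windows that look like repeated filler bytes."""
    windows = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    if not windows:
        return 0.0
    return sum(shannon_entropy(w) < LOW_ENTROPY_BITS for w in windows) / len(windows)

def triage_installer(data: bytes, min_size: int = MIN_PLAUSIBLE_SIZE) -> list:
    """Return the red flags raised by a file offered as an office installer."""
    flags = []
    if len(data) < min_size:
        flags.append("too_small")
    if padding_ratio(data) >= PADDING_RATIO:
        flags.append("junk_padded")
    return flags

def constructed_samples() -> dict:
    """Constructed stand-ins for downloads, scaled down so the demo runs fast."""
    rng = random.Random(1)
    body = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    return {
        "tiny.zip": body(8 * 1024),
        "padded.exe": body(16 * 1024) + b"\x00" * (240 * 1024),
        "plausible.msi": body(128 * 1024),
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage_installer(blob, min_size=64 * 1024))
```

Padding made of random-looking bytes would not trip the entropy check, so a clean result here is not evidence that a file is genuine.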

The company said the attackers secure access to an infected system “through multiple methods, including unconventional methods.”

“While the attack mainly targets cryptocurrency by deploying a miner and ClipBanker, the attackers could sell system access to more dangerous actors.”

The interface is in Russian, which Kaspersky speculates could mean it is targeting Russian-speaking users.