Security company: New cryptocurrency fraud malware ClipBanker appears on SourceForge platform
According to Decrypt, cybersecurity company Kaspersky has discovered a new type of cryptocurrency fraud malware that alters wallet addresses in the clipboard. The attackers disguised the malicious software as a Microsoft Office plugin and spread it through the SourceForge platform, although the downloads were actually delivered through secondary redirect links. Analysis shows that the malicious code may have been written by Russian developers, with 90% of victims located in Russia. However, because the download pages are in English, the scope of the attack may be broader. The malicious software (ClipBanker) monitors the clipboard and, when the user copies a cryptocurrency address, automatically replaces it with the attacker's address. Because most users copy and paste addresses out of habit, they often realize they have been scammed only after completing the transfer. Kaspersky warns that the attackers may sell access to infected devices for more serious criminal activities. Although the installation package disguises itself as a normal 700MB program, the actual malicious portion is only 7MB. In the first three months of 2024, over 4600 users in Russia have been affected. Experts suggest downloading software only from official channels and avoiding untrusted sources to prevent similar attacks.
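The address replacement described above leaves a recognizable trace: an address-shaped clipboard value is overwritten by a different address of the same family within moments of the copy. The following detection sketch is an added example, not code from Kaspersky or the article; the snapshot format, the two-second window, the function names and the sample values are all assumptions made for illustration.

```python
import re

# Address shapes only (no checksum validation); enough to notice a swap.
ADDRESS_SHAPES = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return (family, normalized value) if the whole text is address-shaped."""
    value = text.strip()
    for kind, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(value):
            # Ethereum addresses differ in case only for checksum purposes.
            return kind, value.lower() if kind == "eth" else value
    return None, value

def find_swaps(snapshots, window_seconds=2.0):
    """Flag address -> different address of the same family inside the window.

    snapshots: list of (timestamp_seconds, clipboard_text), oldest first.
    A heuristic: two deliberate copies in quick succession also match.
    """
    alerts = []
    previous = None  # (timestamp, family, value) of the last snapshot
    for ts, text in snapshots:
        kind, value = classify(text)
        if (previous and kind and previous[1] == kind
                and previous[2] != value
                and ts - previous[0] <= window_seconds):
            alerts.append({"time": ts, "kind": kind,
                           "copied": previous[2], "now": value})
        previous = (ts, kind, value)
    return alerts

# Constructed clipboard timeline; the addresses are placeholders, not real wallets.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "a" * 40),   # user copies a recipient address
    (5.3, "0x" + "b" * 40),   # overwritten 0.3 s later: flagged
    (60.0, "1" + "A" * 30),   # user copies another address
    (95.0, "1" + "B" * 30),   # 35 s later: outside the window, not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same comparison works as a manual habit: check the pasted address against the intended one before confirming a transfer.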