- Kaspersky found a new malicious campaign leveraging SourceForge.
- The campaign disseminated both a crypto miner and a clipboard hijacking tool.
- SourceForge stated that the attack was promptly halted.
Hackers tried using SourceForge to distribute malware, but thanks to the platform’s swift reaction, a major escalation seems to have been averted.
At the beginning of this month, security experts from Kaspersky reported discovering an unusual method for distributing malicious software. The approach involved uploading a counterfeit Microsoft Office package named 'officepackage' to the primary SourceForge website.
The 'officepackage' project was promoted as a collection of Microsoft Office add-in development tools. It turned out that both its description and its files were copied from the genuine Microsoft project called 'Office-Addin-Scripts', reportedly available on GitHub.

"No malicious files hosted"
In reality, the files serve as a malware dropper, a cryptocurrency miner and a clipboard hijacking tool, according to Kaspersky. Malicious parties can use these files to install further harmful software on infected endpoints, or use the endpoints' computational resources to mine cryptocurrencies. Additionally, these files monitor the clipboard for copied cryptocurrency addresses and substitute them with addresses owned by the hackers when pasted.
If you're unfamiliar with SourceForge, it’s a well-known platform for managing open-source software initiatives, offering hosting, comparative analysis, and dissemination services.
Kaspersky stated that prior to being removed, the malware had affected 4,604 systems, with the majority located in Russia.
On the contrary, SourceForge asserts that their platform was not compromised: "No malicious files were hosted on SourceForge, and there were no breaches of any sort," President Logan Abbott stated in a written response provided to BleepingComputer.
"The harmful individual and associated project were swiftly eliminated once identified. Every file on SourceForge.net (referring to the primary site, excluding the project-specific subdomain sites) undergoes scanning for potential threats, which is where users ought to obtain their downloads. Nevertheless, we have implemented extra protective measures ensuring that project websites utilizing free hosting services can’t direct links to external content or employ dubious redirection methods moving forward."
Via BleepingComputer