  • ClipBanker malware targets crypto users by replacing wallet addresses copied to the clipboard in order to steal funds.
  • Cybercriminals use fake Office add-ins on SourceForge to deliver ClipBanker malware.
  • Russian-speaking users are the primary targets of crypto-stealing malware via SourceForge.

A new security threat has emerged, with hackers embedding crypto-stealing malware in fake Microsoft Office add-ins available on SourceForge. The malware, named ClipBanker, secretly swaps copied crypto wallet addresses, rerouting funds to attackers.

ClipBanker Malware Swaps Wallet Addresses for Crypto Theft

In a report by Coinyex, the malware is distributed through a seemingly legitimate “officepackage” add-in on SourceForge. The add-in, posing as a typical Office tool, installs ClipBanker, which replaces copied wallet addresses with the attacker’s address. This allows the malware to divert funds to the wrong address.

Source: Kaspersky

According to Kaspersky’s Anti-spyware Expert Group, the spyware transmits private data, such as IP addresses and usernames, to hackers using Telegram. ClipBanker also contains an uninstall function that triggers if it detects antivirus software or previous infections, making it difficult to trace and remove from infected computers.

Increased Risk of Further Compromises

Kaspersky also stated that the malware would be distributed to other cybercrooks, increasing the number of potential victims. That leaves the hijacked machine in the hands of still more nefarious actors, resulting in further breaches and theft of data.

The malware interface is in Russian, which may reflect the targeting of Russian-speaking users. According to Kaspersky, 90% of potential victims reside in Russia, where the malware has already affected thousands of users, further justifying the urgency for enhanced security in the country.


How to Protect Against Crypto Address Swapping Malware

Experts recommend obtaining software only from legitimate sources and avoiding pirated or untrusted programs that may contain embedded malware. Sticking to genuine platforms greatly reduces the risk of infection by malware like ClipBanker.

In addition, staying informed about emerging threats and keeping antivirus tools updated are crucial in preventing attacks. As cybercrime actors are always developing new methods, vigilance is critical in safeguarding crypto assets.
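The address swap described above leaves a recognisable trace: a wallet address on the clipboard is replaced by a different address of the same type faster than a person could copy a new one. The following is an added example, not code from Kaspersky or from the original article, that checks a timeline of clipboard snapshots for that pattern. The address patterns are simplified shape checks, the one-second window is an assumption, and all sample values are constructed.

```python
import re

# Simplified address shapes (assumption: shape only, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc_bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the pattern name if the whole text looks like a wallet address, else None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def find_swaps(snapshots, window=1.0):
    """Flag an address replaced by a different address of the same kind within `window` seconds.

    snapshots: time-ordered (timestamp_seconds, clipboard_text) pairs.
    """
    alerts = []
    prev_ts, prev_text, prev_kind = None, None, None
    for ts, text in snapshots:
        kind, value = address_kind(text), text.strip()
        if kind and kind == prev_kind and value != prev_text and ts - prev_ts <= window:
            alerts.append({"time": ts, "kind": kind,
                           "copied": prev_text, "replaced_by": value})
        prev_ts, prev_text, prev_kind = ts, value, kind
    return alerts

# Constructed sample data: none of these are real wallet addresses.
ETH_A, ETH_B, BTC_A = "0x" + "11" * 20, "0x" + "22" * 20, "1" + "A" * 30
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),    # user copies a recipient address
    (10.3, ETH_B),    # replaced 0.3 s later by another ETH address: flagged
    (60.0, BTC_A),
    (200.0, ETH_A),
    (500.0, ETH_B),   # same kind, but minutes apart: not flagged
    (500.5, BTC_A),   # different kind: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A wider window catches slower swaps but also flags users who copy two addresses in quick succession, so the value should be tuned against normal usage.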


© 2025 CoinFutura. All rights reserved.