**Kaspersky Alerts Users to New Crypto-Stealing Malware via Fake Microsoft Office Extensions**
Cybersecurity firm Kaspersky has identified a sophisticated new malware campaign targeting cryptocurrency wallets through fake Microsoft Office add-ins. These seemingly legitimate extensions are uploaded to SourceForge, a popular hosting platform, using descriptions copied from real GitHub projects.
Dubbed “officepackage,” the malware mimics a list of office applications with version numbers and “Download” buttons. Kaspersky experts note that the malware’s download size is around seven megabytes, a suspiciously small size for office applications. Once users download the software, it expands into an archive exceeding 700 megabytes through a technique known as “pumping,” where junk data is added to feign legitimacy.
The malware campaign also involves the ClipBanker trojan, which alters cryptocurrency wallet addresses in the user’s clipboard to redirect funds to attackers. This is particularly dangerous as users typically copy wallet addresses rather than type them.
Kaspersky warns users against downloading software from unofficial sources, highlighting the increased security risks associated with such actions. The firm advises obtaining software only from trusted platforms.
For more details, visit [Kaspersky’s malware report](https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/).
