- Kaspersky found a new malicious campaign abusing SourceForge
- The campaign distributed a cryptocurrency miner and a clipboard hijacker
- SourceForge said the attack was stopped quickly
Hackers tried to use SourceForge to distribute malware, but thanks to the platform's rapid reaction, a major escalation seems to have been avoided.
Earlier this month, Kaspersky security researchers said they saw a “quite unique” malware distribution scheme in which a fake Microsoft Office project, called ‘Offepackage’, was uploaded to the main website, sourceforge.net.
Offepackage was advertised as a collection of Microsoft Office add-in development tools. Its description and files were reportedly copied from the legitimate Microsoft project ‘Office-Addin-Scripts’, which can be found on GitHub.
“There were no malicious files hosted”
In reality, the files serve as a malware dropper, a cryptocurrency miner and a clipboard hijacker. Kaspersky said that threat actors can use the files deployed through the project to drop additional malware on compromised endpoints or to use their computing power to mine cryptocurrency. In addition, the files monitor the clipboard for copied cryptocurrency addresses and replace them with addresses belonging to the attackers when they are pasted.
For those unfamiliar with SourceForge, it is a popular website that hosts open source software projects and provides hosting, comparison and distribution services.
Kaspersky said that before it was taken down, the malware infected 4,604 systems, most of which are in Russia.
SourceForge, on the other hand, says that its platform was not breached: “There were no malicious files hosted on SourceForge and there were no breaches of any kind,” said SourceForge president Logan Abbott in a written statement shared with BleepingComputer.
“The malicious actor and the project in question were eliminated almost immediately after it was discovered. All files on sourceforge.net (the main website, not the project website subdomain) are scanned for malware, and that is where users must download files. Regardless of all, regardless of additional safeguards so that the websites of projects that use the free web host or use sealed redirects in the future.”
Via BleepingComputer