- Kaspersky found a new malicious campaign leveraging SourceForge
- The campaign distributed a crypto miner and a clipboard jacker
- SourceForge said the attack was quickly stopped
Hackers tried using SourceForge to distribute malware, but thanks to the platform’s swift reaction, a major escalation seems to have been averted.
Earlier this month, security researchers Kaspersky said they spotted a “rather unique” malware distribution scheme in which a fake Microsoft Office project, called ‘officepackage’, was uploaded to the main website sourceforge.net.
Officepackage was advertised as a compilation of Microsoft Office add-in development tools. Its description and files are a copy of the legitimate Microsoft project ‘Office-Addin-Scripts’, it was said, which can be found on GitHub.
“No malicious files hosted”
In reality, the files serve as a malware dropper, a cryptocurrency miner, and a clipboard jacker. Kaspersky said the threat actors can use the files deployed through the project to drop additional malware on compromised endpoints, or to use their computing power to mine cryptocurrencies. Furthermore the files keep track of the clipboard for copied crypto addresses and replace them with the ones belonging to the attackers, on paste.
For those unaware of SourceForge, it is a popular website that hosts open-source software projects, and provides hosting, comparison, and distribution services.
Kaspersky said that before being pulled, the malware infected 4,604 systems, most of which are in Russia.
SourceForge, on the other hand, says that its platform wasn’t broken into: “There were no malicious files hosted on SourceForge and there were no breaches of any kind,” the project’s president, Logan Abbott, said in a written statement shared with BleepingComputer.
“The malicious actor and project in question were removed almost immediately after it was discovered. All files on SourceForge.net (the main website, not the project website subdomains) are scanned for malware and that is where users should download files from. Regardless, we’ve put additional safeguards in place so that project websites using free web hosting cannot link to externally hosted files or use shady redirects in the future.”
Via BleepingComputer
