Bitcoin
Bitcoin (BTC)
$85,134.00 1.58093
Bitcoin price
Ethereum
Ethereum (ETH)
$1,644.51 4.92024
Ethereum price
BNB
BNB (BNB)
$597.10 1.6424
BNB price
Solana
Solana (SOL)
$131.04 8.23994
Solana price
XRP
XRP (XRP)
$2.15 5.16974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000125 2.33654
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000074 7.00568
Pepe price
Bonk
Bonk (BONK)
$0.0000135 11.64576
Bonk price
dogwifhat
dogwifhat (WIF)
$0.459796 15.60966
dogwifhat price
Popcat
Popcat (POPCAT)
$0.272958 21.323
Popcat price
Bitcoin
Bitcoin (BTC)
$85,134.00 1.58093
Bitcoin price
Ethereum
Ethereum (ETH)
$1,644.51 4.92024
Ethereum price
BNB
BNB (BNB)
$597.10 1.6424
BNB price
Solana
Solana (SOL)
$131.04 8.23994
Solana price
XRP
XRP (XRP)
$2.15 5.16974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000125 2.33654
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000074 7.00568
Pepe price
Bonk
Bonk (BONK)
$0.0000135 11.64576
Bonk price
dogwifhat
dogwifhat (WIF)
$0.459796 15.60966
dogwifhat price
Popcat
Popcat (POPCAT)
$0.272958 21.323
Popcat price
Bitcoin
Bitcoin (BTC)
$85,134.00 1.58093
Bitcoin price
Ethereum
Ethereum (ETH)
$1,644.51 4.92024
Ethereum price
BNB
BNB (BNB)
$597.10 1.6424
BNB price
Solana
Solana (SOL)
$131.04 8.23994
Solana price
XRP
XRP (XRP)
$2.15 5.16974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000125 2.33654
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000074 7.00568
Pepe price
Bonk
Bonk (BONK)
$0.0000135 11.64576
Bonk price
dogwifhat
dogwifhat (WIF)
$0.459796 15.60966
dogwifhat price
Popcat
Popcat (POPCAT)
$0.272958 21.323
Popcat price
Bitcoin
Bitcoin (BTC)
$85,134.00 1.58093
Bitcoin price
Ethereum
Ethereum (ETH)
$1,644.51 4.92024
Ethereum price
BNB
BNB (BNB)
$597.10 1.6424
BNB price
Solana
Solana (SOL)
$131.04 8.23994
Solana price
XRP
XRP (XRP)
$2.15 5.16974
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000125 2.33654
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000074 7.00568
Pepe price
Bonk
Bonk (BONK)
$0.0000135 11.64576
Bonk price
dogwifhat
dogwifhat (WIF)
$0.459796 15.60966
dogwifhat price
Popcat
Popcat (POPCAT)
$0.272958 21.323
Popcat price

Hackers exploit SourceForge to hide crypto miners in Microsoft Office packages

Denis Omelchenko
By
Dorian Batycka
Edited by
News
Hackers exploit SourceForge to hide crypto miners in Microsoft Office packages

Cybercriminals are abusing SourceForge’s project domains to spread trojanized Office installers embedded with cryptocurrency mining tools and clipboard hijackers.

A newly uncovered malware campaign is turning SourceForge’s infrastructure into a launchpad for infection, leveraging the platform’s developer-friendly tools to trick users into downloading malicious crypto software.

According to researchers at Kaspersky, the scheme specifically targets crypto users by disguising malware as office-related downloads — complete with bloated installers, password-protected archives, and layers of obfuscation that eventually deliver a crypto miner and a ClipBanker to hijack crypto transactions.

In a blog post on Tuesday, April 8, researchers said the attackers set up a fake project on SourceForge called “officepackage,” made to look like Microsoft Office add-ins copied from GitHub. While the project page itself might look normal, the real trap was its auto-generated subdomain “officepackage.sourceforge.io,” the researchers noted. Search engines like Russia‘s Yandex picked it up, and when users visited the page, they saw a fake list of office apps with download buttons that actually started the malware infection.

Hackers exploit SourceForge to hide crypto miners in Microsoft Office packages - 1
Example of a malicious Microsoft Publisher package shown on Yandex’s search results page | Source: Kaspersky
You might also like: Crypto users at risk as Microsoft uncovers StilachiRAT malware stealing wallet data

Clicking the fake download links sends users through several redirects before delivering a small zip file. But once unzipped, it expands into a bloated 700MB installer.

When launched, the installer uses hidden scripts to grab more files from GitHub, eventually unpacking malware that checks for antivirus tools before running. If no threats are detected, it installs tools like AutoIt and Netcat — one script sends system info to a Telegram bot, while another ensures the crypto-mining malware stays on the system, the researchers say.

Kaspersky says 90% of affected users appear to be in Russia, with over 4,600 hits between January and March. While the campaign primarily seeks to steal crypto funds, researchers warn that infected machines may also be sold to other threat actors.

Read more: Kaspersky warns of SparkCat malware that targets private keys on Android and iOS

Deep Dives

If the Fed prints more money, what’s at stake for Bitcoin?
Follow-up
Read more - If the Fed prints more money, what’s at stake for Bitcoin?

If the Fed prints more money, what’s at stake for Bitcoin?

Bitcoin BTC Bitcoin
DeepSeek, China and Russia AI partnership: Western world is on notice | Opinion
Opinion
Read more - DeepSeek, China and Russia AI partnership: Western world is on notice | Opinion

DeepSeek, China and Russia AI partnership: Western world is on notice | Opinion

Q&A: How Fasset plans to bring real-world stocks to DeFi and emerging markets
Interviews
Read more - Q&A: How Fasset plans to bring real-world stocks to DeFi and emerging markets

Q&A: How Fasset plans to bring real-world stocks to DeFi and emerging markets

EXCLUSIVE: Mantra CEO on the future of RWA, ecosystem fund, and future plans
Interviews
Read more - EXCLUSIVE: Mantra CEO on the future of RWA, ecosystem fund, and future plans

EXCLUSIVE: Mantra CEO on the future of RWA, ecosystem fund, and future plans

MANTRA OM MANTRA
As Schiff calls Bitcoin’s death, a Bloomberg analyst sees the S&P now mirroring its chaos
Feature
Read more - As Schiff calls Bitcoin’s death, a Bloomberg analyst sees the S&P now mirroring its chaos

As Schiff calls Bitcoin’s death, a Bloomberg analyst sees the S&P now mirroring its chaos

Bitcoin BTC Bitcoin
The tariff war fallout: Is crypto to the rescue? | Opinion
Opinion
Read more - The tariff war fallout: Is crypto to the rescue? | Opinion

The tariff war fallout: Is crypto to the rescue? | Opinion

Bitcoin BTC Bitcoin
Trump seeks to fire Fed Chair Jerome Powell via the Supreme Court. Good news for the crypto market?
Feature
Read more - Trump seeks to fire Fed Chair Jerome Powell via the Supreme Court. Good news for the crypto market?

Trump seeks to fire Fed Chair Jerome Powell via the Supreme Court. Good news for the crypto market?

Bitcoin BTC Bitcoin
Are DeFi and Layer 2 chains squeezing the juice out of Ethereum: Deep dive on the downfall of ETH
Markets
Read more - Are DeFi and Layer 2 chains squeezing the juice out of Ethereum: Deep dive on the downfall of ETH

Are DeFi and Layer 2 chains squeezing the juice out of Ethereum: Deep dive on the downfall of ETH

Ethereum ETH Ethereum
Markets surge on Trump’s tariff pause — but Bitcoin’s recovery may not hold
Markets
Read more - Markets surge on Trump’s tariff pause — but Bitcoin’s recovery may not hold

Markets surge on Trump’s tariff pause — but Bitcoin’s recovery may not hold

Bitcoin BTC Bitcoin
Is a four-year Bitcoin cycle dead?
Follow-up
Read more - Is a four-year Bitcoin cycle dead?

Is a four-year Bitcoin cycle dead?

Bitcoin BTC Bitcoin

Related News

DeepSeek, China and Russia AI partnership: Western world is on notice | Opinion
Opinion
Read more - DeepSeek, China and Russia AI partnership: Western world is on notice | Opinion

DeepSeek, China and Russia AI partnership: Western world is on notice | Opinion

Morpho Labs crypto hack thwarted as white hat intercepts $2.6M after frontend exploit
News
Read more - Morpho Labs crypto hack thwarted as white hat intercepts $2.6M after frontend exploit

Morpho Labs crypto hack thwarted as white hat intercepts $2.6M after frontend exploit

KAITO KAITO KAITO
Wayfinder’s PROMPT tanks 68% amid MEV exploit targeting Kaito airdrop
News
Read more - Wayfinder’s PROMPT tanks 68% amid MEV exploit targeting Kaito airdrop

Wayfinder’s PROMPT tanks 68% amid MEV exploit targeting Kaito airdrop

KAITO KAITO KAITO
Advertise