- Kaspersky has found a new malicious campaign abusing SourceForge
- The campaign distributed a cryptominer and a clipboard hijacker
- SourceForge said the attack was quickly stopped
Hackers tried to use SourceForge to distribute malware, but thanks to the platform's rapid reaction, a major escalation seems to have been avoided.
Earlier this month, security researchers at Kaspersky said they had spotted a “rather unique” malware distribution scheme in which a fake Microsoft Office project called “OfficePackage” was downloadable from the main SourceForge.net website.
OfficePackage was advertised as a collection of Microsoft Office add-in development tools. Its description and files were copied from the legitimate Microsoft project “Office-Addin-Scripts”, which can be found on GitHub, the researchers said.
“No hosted malware”
In reality, the files act as malicious droppers for a cryptocurrency miner and a clipboard hijacker (clipper). Kaspersky said threat actors can use the files deployed via the project to drop additional malware on compromised endpoints, or to use their computing power to mine cryptocurrency. In addition, the files monitor the clipboard for copied cryptocurrency wallet addresses and replace them with addresses belonging to the attackers, so that the attacker's address is what gets pasted.
For those not familiar with SourceForge, it is a popular website that hosts open source software projects and provides hosting, comparison and distribution services.
Kaspersky said that before it was taken down, the malware had infected 4,604 systems, most of them in Russia.
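The clipper behaviour described above has a simple tell-tale from the defender's side: the clipboard held a wallet address when the user copied it, and holds a different address of the same format when it is pasted. The following check is an added example, not code from the article or from Kaspersky; the address patterns and the sample clipboard events are constructed for illustration.

```python
import re

# Address families the check recognises. These regexes are constructed for
# this example (the article names no specific coins) and only test format,
# not checksums, which is enough to spot a same-family substitution.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{25,62}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text):
    """Return the address family a clipboard string matches, or None."""
    s = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return name
    return None


def clipboard_swapped(copied, pasted):
    """True when a wallet address was copied and a *different* address of the
    same family is about to be pasted: the signature of a clipboard hijacker.
    A change to a non-address, or to another address family, is not flagged,
    because that is what a user doing ordinary copy/paste work looks like."""
    src, dst = address_type(copied), address_type(pasted)
    if src is None or dst is None:
        return False
    return src == dst and copied.strip() != pasted.strip()


def scan_events(events):
    """Return the indices of (copied, pasted) pairs that look like swaps."""
    return [i for i, (c, p) in enumerate(events) if clipboard_swapped(c, p)]


# Constructed sample clipboard history: (what the user copied, what was pasted).
SAMPLE_EVENTS = [
    ("0x" + "a" * 40, "0x" + "a" * 40),          # unchanged ETH address: benign
    ("0x" + "a" * 40, "0x" + "b" * 40),          # ETH address replaced: suspicious
    ("1" + "A" * 33, "1" + "B" * 33),            # BTC legacy address replaced: suspicious
    ("bc1" + "q" * 40, "some release notes"),    # address replaced by text: benign
    ("meeting at 10", "meeting at 10"),          # no address involved: benign
]

if __name__ == "__main__":
    print("suspicious events:", scan_events(SAMPLE_EVENTS))
```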
SourceForge, for its part, said its platform was not breached: “There was no malicious file hosted on SourceForge and there was no breach of any kind,” said project president Logan Abbott in a written statement shared with BleepingComputer.
“The malicious actor and project in question were removed almost immediately after discovery. All files on SourceForge.net (the main website, not the project website subdomains) are scanned for malware, and that is where users should download files from. In any case, we have put additional safeguards in place so that project websites may not link to externally hosted files or use shady redirects in the future.”
Via BleepingComputer