Malicious actors are trying to steal crypto with malware embedded in fake Microsoft Office extensions uploaded to the software hosting site SourceForge, according to cybersecurity firm Kaspersky.
One of the malicious listings, called “Officice”, contains real Microsoft Office add-ins but hides malware called ClipBanker, which replaces a crypto wallet address copied to the computer’s clipboard with the attacker’s address, Kaspersky’s malware research team said in an April 8 report.
“Crypto wallet users usually copy addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up somewhere unexpected,” the team said.
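The clipboard swap described above can be spotted from a log of clipboard changes: a wallet-shaped string replaced almost immediately by a different string of the same shape. The following is an added example, not code from Kaspersky's report; the address patterns, the 2-second window, the `ClipboardEvent` format and the sample events are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Address shapes only, no checksum validation (assumption: the report as quoted
# here does not say which coins ClipBanker targets).
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}
SWAP_WINDOW_SECONDS = 2.0  # assumption: a person rarely re-copies this quickly

@dataclass
class ClipboardEvent:  # hypothetical record emitted by a clipboard monitor
    timestamp: float   # seconds since monitoring started
    text: str

def address_kind(text):
    """Return the address family the whole string matches, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def find_swaps(events):
    """Flag an address replaced by a different same-kind address within the window."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        old, new = prev.text.strip(), cur.text.strip()
        kind = address_kind(old)
        if (kind is not None and kind == address_kind(new) and old != new
                and cur.timestamp - prev.timestamp <= SWAP_WINDOW_SECONDS):
            alerts.append((cur.timestamp, kind, old, new))
    return alerts

# Constructed sample events (values match the address shapes, nothing more).
SAMPLE_EVENTS = [
    ClipboardEvent(10.0, "meeting notes"),
    ClipboardEvent(42.0, "0x" + "a1" * 20),   # user copies a payee address
    ClipboardEvent(42.3, "0x" + "ff" * 20),   # replaced 0.3 s later: flagged
    ClipboardEvent(90.0, "1" + "B" * 30),     # user copies another address
    ClipboardEvent(300.0, "1" + "C" * 30),    # minutes later: normal re-copy
]

if __name__ == "__main__":
    for ts, kind, old, new in find_swaps(SAMPLE_EVENTS):
        print(f"{ts:.1f}s {kind}: {old} -> {new}")
```

The same comparison works manually: check the pasted address against the original before confirming a transfer.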
A fraudulent project on SourceForge imitates a legitimate developer tools page, showing Office add-ins and download buttons, and may also appear in search results.
Kaspersky said it found crypto-stealing malware on the software hosting website SourceForge. Source: Kaspersky
Kaspersky said that another feature of the infection chain is sending information about infected devices, such as IP addresses, country and usernames, to the hackers via Telegram.
The malware can also scan the infected system for signs that it has already been installed or for antivirus software, and delete itself.
Attackers could sell system access to others
Kaspersky says that some files in the fake download are small, which raises “red flags, because office applications are never so small, even after compression.”
Other files are padded with junk to convince users that they are looking at a genuine software installer.
The company said that the attackers secure access to the infected system “using many methods, including unconventional ones”.
“While the attack primarily targets cryptocurrency by distributing a miner and ClipBanker, the attackers can sell the system access to more dangerous actors.”
The interface is in Russian, which Kaspersky speculates could mean it is aimed at Russian users.
“Our telemetry indicates that 90% of potential victims are in Russia, where 4604 users encountered the program from the beginning of January to the end of March,” the report said.
To avoid falling victim, Kaspersky recommended downloading software only from trusted sources, as pirated programs and alternative download options carry higher risks.
“Distributing malware hidden in software is nothing new,” the company said. “When users look for ways to download applications outside official sources, the attackers offer their own. They look for new ways to make their sites look legitimate.”
Other companies are also raising the alarm over new forms of malware targeting crypto users.
Threat Fabric said in a March 28 report that it had found a new family of malware that can launch a fake overlay to trick Android users into providing their crypto seed phrases as it takes over the device.
