A miner under the guise of Microsoft Office is being distributed in Russia

The attackers are distributing the miner and the ClipBanker Trojan under the guise of Microsoft Office office applications on the SourceForge platform (a platform for hosting software projects). In Russia, more than 4,600 users have already encountered this malicious campaign, Kaspersky Lab told Izvestia.

Take on board: how hackers spread viruses using pirated software

Hacked programs help attackers steal personal data

"Users who searched the Internet for Microsoft PC applications on unofficial resources could see a page hosted on one of the domains of the SourceForge website, where they were offered to download such programs for free. If a person clicked on the link, on the program page they saw a large list of popular Microsoft office applications available for download at a click," explained Oleg Kupreev, a cybersecurity expert at Kaspersky Lab.

However, in fact, there was a hidden hyperlink leading to downloading a malicious archive, he noted. There were two files inside —a password-protected archive and a text document with a password. If a person unpacked an attached, password-protected archive, then as a result, two malicious programs penetrated the computer.

The first is a miner that allowed attackers to use the power of an infected PC to mine cryptocurrencies. The second is ClipBanker, a Trojan that substituted the addresses of crypto wallets to steal currency, they explained. At the same time, there were no Microsoft applications among the downloaded files.

Kaspersky Lab's cybersecurity experts note that despite the fact that the attack is aimed at stealing data and mining cryptocurrencies, attackers may later sell access to compromised devices or use it for other purposes.

Such malware hidden under Microsoft applications is an alarming signal for all users who are looking for free software on the Internet. It is important to understand that the use of unlicensed software is not only a violation of the law, but also a serious risk to personal safety and data security, said Dmitry Sokolov, head of the information security service at MyOffice.

Read more in the exclusive Izvestia article:

In office style: a miner is being distributed in Russia under the guise of Microsoft products