Beware, these dangerous fake Microsoft Office add-ons are spreading malware

Published on April 9, 2025 | Category: tech

By Sead Fadilpašić

Someone tried abusing SourceForge to distribute malware

  • Kaspersky found a new malicious campaign leveraging SourceForge
  • The campaign distributed a crypto miner and a clipboard jacker
  • SourceForge said the attack was quickly stopped

Hackers tried using SourceForge to distribute malware, but thanks to the platform’s swift reaction, a major escalation seems to have been averted.

Earlier this month, security researchers at Kaspersky said they spotted a “rather unique” malware distribution scheme in which a fake Microsoft Office project, called ‘officepackage’, was uploaded to the main website sourceforge.net.

Officepackage was advertised as a compilation of Microsoft Office add-in development tools. Its description and files were said to be a copy of the legitimate Microsoft project ‘Office-Addin-Scripts’, which can be found on GitHub.

"No malicious files hosted"

In reality, the files serve as a malware dropper, a cryptocurrency miner, and a clipboard jacker. Kaspersky said the threat actors can use the files deployed through the project to drop additional malware on compromised endpoints, or to use their computing power to mine cryptocurrencies. Furthermore, the files monitor the clipboard for copied crypto addresses and, on paste, replace them with addresses belonging to the attackers.

SourceForge is a popular website that hosts open-source software projects and provides hosting, comparison, and distribution services.

Kaspersky said that before being pulled, the malware infected 4,604 systems, most of which are in Russia.

SourceForge, on the other hand, says that its platform wasn’t broken into: “There were no malicious files hosted on SourceForge and there were no breaches of any kind,” the project’s president, Logan Abbott, said in a written statement shared with BleepingComputer.

“The malicious actor and project in question were removed almost immediately after it was discovered. All files on SourceForge.net (the main website, not the project website subdomains) are scanned for malware and that is where users should download files from. Regardless, we’ve put additional safeguards in place so that project websites using free web hosting cannot link to externally hosted files or use shady redirects in the future.”

Via BleepingComputer
