Cybersecurity firm Kaspersky has issued a warning about malicious Microsoft Office extensions being used to spread malware that targets cryptocurrency users.
The malware, hidden in fake software packages uploaded to SourceForge, is designed to steal funds by altering copied crypto wallet addresses.
In its April 8 report, Kaspersky’s Anti-Malware Research Team revealed that one malicious listing, called “officepackage.” It appears to contain legitimate Microsoft Office add-ins but is bundled with a program known as ClipBanker.
EXPLORE: Best New Cryptocurrencies to Invest in 2025
Clipboard-Hijacking Malware Swaps Crypto Wallet Addresses To Steal Funds
The malware monitors a user’s clipboard and, if it detects a copied crypto wallet address, replaces it with an address controlled by the attacker.
“Users of crypto wallets typically copy addresses instead of typing them. If the device is infected with ClipBanker, the victim’s money will end up somewhere entirely unexpected,” Kaspersky’s team stated.
The malware campaign is designed to mimic legitimate software, complete with a polished page on SourceForge and fake download buttons.
The malware also collects sensitive data from infected devices—such as IP addresses, countries, and usernames. These are sent to the attackers via Telegram. Some files in the installer are suspiciously small, while others are padded with junk data to appear more convincing.
Kaspersky also found that the malware avoids detection by checking for existing antivirus software and removing itself if identified. While the malware’s primary function is to steal crypto funds via mining and address swapping, the attackers may also sell access to compromised systems to more dangerous actors.
The Russian-language interface suggests the malware may be targeting Russian-speaking users specifically. Kaspersky noted that 90% of detected victims were based in Russia, with over 4,600 users affected between January and March 2025.
🚨 ALERT:
A malware disguised as Microsoft Office add-ins on SourceForge is targeting crypto users with a clipboard-hijacking technique, according to Kaspersky.
The malware replaces copied crypto wallet addresses with the attacker's address. $sol $eth #cybercrime pic.twitter.com/p8rLsEbUos
— Tom Bibiyan 🇺🇸 (@realtombibiyan) April 9, 2025
The company advises users to download software only from official, trusted sources, warning that pirated or alternative software versions are often used as vehicles for malware. “Attackers keep looking for new ways to make their websites look legit,” Kaspersky noted.
Other cybersecurity firms are also flagging new malware threats. Threat Fabric recently reported a new malware family targeting Android devices by overlaying fake interfaces to trick users into revealing their crypto wallet seed phrases.
EXPLORE: 10 Best AI Crypto Coins to Invest in 2025
Crypto Hacks Top $1.6B In Q1 2025, With Bybit Exploit Driving Bulk Of Losses
Over $1.63 billion in cryptocurrency was stolen during the first quarter of 2025, with a staggering 92% of the total attributed to the massive Bybit hack in February, according to blockchain security firm PeckShield.
While January recorded $87 million in losses, February saw an unprecedented surge to $1.53 billion, including additional attacks on Infini, zkLend, and Ionic.
However, March brought some relief, with hack-related losses dropping sharply to $33 million — a 97% decline from February. Some stolen funds were also recovered, offering a partial reprieve for affected users and platforms.
DISCOVER: Best Meme Coin ICOs to Invest in April 2025
Join The 99Bitcoins News Discord Here For The Latest Market Updates
Key Takeaways
- Kaspersky warns of malware hidden in fake Microsoft Office add-ins designed to steal crypto by hijacking copied wallet addresses.
- The malware, dubbed ClipBanker, also collects user data and evades detection by removing itself if antivirus software is found.
- Over 90% of victims were Russian users, prompting Kaspersky to urge downloads only from official and trusted software sources.
Why you can trust 99Bitcoins
Established in 2013, 99Bitcoin’s team members have been crypto experts since Bitcoin’s Early days.
Weekly Research
100k+Monthly readers
Expert contributors
2000+Crypto Projects Reviewed
