Cybercriminals are stealing cryptocurrency with fake Microsoft Office add-ins. The fake add-ins are available on SourceForge and are disguised as normal tools, so many users download them. The packages carry stealthy malware called ClipBanker, which siphons off your crypto without your knowledge.
ClipBanker works in the background and takes over one of the most common actions crypto users perform: copying and pasting wallet addresses. After a user copies a wallet address to the clipboard, the malware replaces it with the attacker's address. Most users copy and paste long wallet addresses instead of typing them, so the substitution usually goes unnoticed until they have sent their funds to the wrong address.
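The substitution described above can be caught by comparing the address that was copied with the value about to be pasted. The following is an added example, not code from the article or from any wallet product; the function names, the simplified format patterns and the sample addresses are assumptions made for illustration.

```python
import re

# Simplified format patterns (assumption: shape check only, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

# Constructed sample values, not real wallets.
COPIED_ETH = "0x" + "ab12" * 10
ATTACKER_ETH = "0x" + "cd34" * 10
ATTACKER_BTC = "1" + "A2b3C4d5E6" * 3


def address_kind(text):
    """Return the wallet format the text matches, or None if it is not an address."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None


def check_paste(copied, pasted):
    """Compare what the user copied with what is about to be pasted.

    Returns 'not_address' when the copied text is not a wallet address,
    'ok' when the value is unchanged, 'swapped' when it was replaced by a
    different wallet address, and 'changed' for any other replacement.
    """
    kind = address_kind(copied)
    if kind is None:
        return "not_address"
    a, b = copied.strip(), pasted.strip()
    if kind == "eth":
        # Hex addresses differ only in checksum casing, so compare case-insensitively.
        a, b = a.lower(), b.lower()
    if a == b:
        return "ok"
    # A different value that still looks like a wallet address is the
    # clipboard substitution the article describes.
    return "swapped" if address_kind(pasted) is not None else "changed"


if __name__ == "__main__":
    print(check_paste(COPIED_ETH, COPIED_ETH))
    print(check_paste(COPIED_ETH, ATTACKER_ETH))
```

A `swapped` result on a machine where the user did not copy a second address is a reason to stop the transaction and scan the host.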
One such vendor, “Office Package,” uses a fake Office add-in with download buttons copied from authentic pages. Once a user installs the extension, the attack begins. The malicious program hijacks the clipboard and collects system information such as IP address, geolocation, and username, which it sends to the attackers via Telegram. It also uses anti-detection techniques: if it detects any antivirus, it erases itself to avoid detection.
Cybersecurity professionals have highlighted further warning signs, such as suspiciously small file sizes that don’t match what Office software usually produces, and files that have been padded with junk data.
The dangers extend beyond stolen funds. Once attackers control the device, they can use it for other criminal activities, and other criminals could profit from this access and carry out even more damaging actions. The attackers are after your crypto transactions, but they can exploit the access further over time.
The fake add-in's interface is in Russian, which indicates that Russian-speaking users, at least, are being targeted. The data shows that thousands of users, mostly Russians, have already encountered this malware.
To protect yourself from this danger, do not download anything from unverified or unofficial sources. Be careful with suspicious extensions as well, even ones that look harmless. Cybercriminals are becoming more sophisticated, and attacks are on the rise as crypto usage increases. Keeping up to date and following best practices is essential for safeguarding digital assets from increasingly sophisticated attacks.
