Kaspersky, the leading cybersecurity platform, reported that fake extensions are being added to the software hosting site SourceForge in a way that is hard to notice. Meanwhile, scammers are using a stealthy program called ClipBanker.
Read on to learn about the threats you could face from such criminals.
Malware disguised as an MS Add-in
SourceForge has a fake listing by the name of ‘officialpackage’. At first, the package will seem legitimate to you. You will also see what look like real MS Office add-ins, which makes it more convincing.
But ClipBanker is there to perform the main trick. The software can siphon the wallet address, copy it, and swap it with the hacker’s address.
Once you try to exchange, sell, or buy crypto, the app will intervene, redirecting the asset to the hacker’s address.
What Makes You More Vulnerable?
The research team at Kaspersky said that wallet holders are in a vulnerable position. Most people copy wallet addresses to their clipboard. Rarely does anyone type them manually.
When something silently changes the address, it is hard to detect!
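The swap described above can be caught by watching for one address-shaped clipboard value being replaced by a different one of the same kind within moments. The following Python is an added example, not code from Kaspersky's report; the address patterns, the two-second window, and the sample clipboard events are constructed assumptions.

```python
import re

# Simplified address shapes (assumption): enough to recognise the format,
# not full checksum validators.
PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text):
    """Return the address family a clipboard value looks like, or None."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


def find_swaps(events, window=2.0):
    """Flag address-for-address replacements that happen within `window` seconds.

    `events` is a time-ordered list of (timestamp_seconds, clipboard_text).
    A person rarely copies two different addresses of the same kind within
    a couple of seconds; a clipboard-swapping program does exactly that.
    """
    alerts = []
    prev_ts, prev_val = None, None
    for ts, value in events:
        kind = address_kind(value)
        if prev_val is not None and kind is not None:
            same_kind = address_kind(prev_val) == kind
            changed = prev_val.strip() != value.strip()
            if same_kind and changed and ts - prev_ts <= window:
                alerts.append({"copied": prev_val, "replaced_by": value,
                               "kind": kind, "delay": round(ts - prev_ts, 3)})
        prev_ts, prev_val = ts, value
    return alerts


# Constructed sample data: placeholder addresses, not real wallets.
ETH_USER = "0x" + "a" * 40
ETH_OTHER = "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ETH_USER),    # user copies the intended address
    (10.4, ETH_OTHER),   # replaced 0.4 s later: suspicious
    (300.0, ETH_USER),   # much later copy: not flagged
]
```

The same comparison works by eye: after pasting, check the first and last characters of the address against the source before confirming a transfer.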
Behind The Scenes
SourceForge’s project seems like a real developer’s tool page. You can even see the download buttons there. But once you download it, the malware is installed on your device by default.
ClipBanker is more critical than you think it is. It’s not stealing wallet addresses only. It is also sending your device details anonymously. Information like your IP, country name and usernames can be shared through Telegram.
Are You the Target?
Who are the soft targets of these criminals? The Russian interface of the fake extension shows that the big Russian crypto bourse is the most vulnerable target.
According to Kaspersky’s data, 60% of those affected are Russians. Meanwhile, the total number of victims has crossed 4600.