Check Your Copy-Paste: Kaspersky Details Crypto Clipboard Hijacker
Cybersecurity firm Kaspersky has uncovered a new threat targeting cryptocurrency users, warning of malware designed to steal digital assets by exploiting trust in common user actions.
In their latest blog post, Kaspersky noted that the attackers adopt a unique approach by distributing malware that exploits SourceForge, a popular site for software hosting and downloads.
How Does This Crypto-Stealing Malware Work?
The malware distributors trick victims into sending cryptocurrency to the wrong destination: malicious code silently replaces a legitimate wallet address copied to the user’s clipboard with the attackers’ own wallet address right before the transaction is made. The malware is disguised as Microsoft Office add-ins hosted on the SourceForge website.
According to Kaspersky’s post on the SourceForge campaign, the hackers use alternate download links to install the malware on users’ devices and infiltrate their crypto wallets. Although Kaspersky did not attribute the attackers to a specific origin, it noted that the malware’s code is written in Russian and that about 90% of the victims are potentially Russian.
At the same time, Kaspersky’s researchers observed that although the code is in Russian, the link bundled with the malware points to an English-language website, which suggests the campaign could expand beyond the Russian region.
What is a ‘ClipBanker’ Attack?
The researchers noted that the code installs ClipBanker, a malware family that replaces cryptocurrency wallet addresses on a victim’s device.
Because most crypto users copy and paste wallet addresses during transactions, the malware intercepts this step and replaces the copied address on the user’s clipboard, so victims send funds to a wallet other than the one they originally intended.
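The swap described above leaves a recognisable trace: one wallet address on the clipboard is replaced by a different address of the same family within a fraction of a second, with no other content in between. The detection logic below is an added example, not code from Kaspersky or the article; it assumes an endpoint agent that polls the clipboard and records (timestamp, text) snapshots, and the address patterns and sample timeline are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Rough shape-only patterns for common address families (constructed for this
# example; a real validator should also verify checksums).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{25,62}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "trx": re.compile(r"^T[1-9A-HJ-NP-Za-km-z]{33}$"),
}


def classify(text):
    """Return the address family a clipboard string looks like, or None."""
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return name
    return None


@dataclass
class Swap:
    t: float        # time the replacement was observed
    original: str   # address the user copied
    replaced: str   # address it was silently changed to
    kind: str       # address family


def detect_swaps(samples, window=2.0):
    """samples: polled clipboard snapshots as (seconds, text) in time order.
    Flag an address replaced by a *different* address of the same family within
    `window` seconds and with no intervening non-address content. A user who
    copies two addresses in quick succession will also trigger this, so treat
    hits as alerts to review, not proof of infection."""
    swaps = []
    prev_t = prev_text = prev_kind = None
    for t, text in samples:
        kind = classify(text)
        if (kind and kind == prev_kind and text != prev_text
                and t - prev_t <= window):
            swaps.append(Swap(t, prev_text, text, kind))
        prev_t, prev_text, prev_kind = t, text, kind
    return swaps


# Constructed timeline: the BTC address changes 0.3 s after the user copied it,
# while the two ETH addresses 3 s apart are the user's own separate copies.
SAMPLE_TIMELINE = [
    (0.0, "invoice #1234"),
    (1.0, "1AaBbCcDdEeFfGgHhJjKkLmMnNoPpQqRs"),  # user copies deposit address
    (1.3, "1ZzYyXxWwVvUuTtSsRrQqPpNnMmKkJjHh"),  # clipboard silently rewritten
    (5.0, "hello"),
    (6.0, "0x" + "ab" * 20),
    (9.0, "0x" + "cd" * 20),
]
```

Running `detect_swaps(SAMPLE_TIMELINE)` reports only the BTC replacement; widening the window to 5 seconds also flags the ETH pair, which shows why the window should be tuned to the poll rate rather than set generously.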
Although Kaspersky warned about the attackers’ intention to steal crypto assets, the cybersecurity company noted that the dangers posed by the new threat could be greater.
According to the researchers, the attackers can go as far as selling the victims’ system access to more dangerous actors, potentially leading to threats more significant than just stealing cryptocurrencies and other digital assets.