
Kaspersky Uncovers Crypto Theft Malware on SourceForge


  • Cybercriminals exploit SourceForge’s open platform, using projects like officepackage to distribute crypto theft malware.
  • Sophisticated malware like ClipBanker and TookPS is delivered through pirated software via redirects and nested files.

SourceForge remains a thriving hub for developers and users as an open-source software platform. It provides software distribution alongside project services, which draws many types of users. Open platforms like SourceForge and GitHub make software development accessible but expose users to potential security dangers. Kaspersky researchers found evidence that cybercriminals have refined their methods for stealing cryptocurrency and hijacking systems through the “officepackage” project on SourceForge.

The officepackage project appears harmless: its name and description match, and its review is positive. Kaspersky experts found that the project information came from a different GitHub repository. Users who visited the SourceForge project page saw no obvious threat, yet the threats were present throughout the setup. Using SourceForge project subdomains, the attackers set up the address officepackage.sourceforge[.]io to intercept victims. Search engines rank these pages near the top of their results, so attackers benefit from using them.

How the Crypto Theft Malware Works

Users who visited officepackage.sourceforge[.]io were offered Microsoft Office software at no cost. Clicking the “Download” button redirected them to loading.sourceforge[.]io and then on to an unrelated website. Users who made it through all of the pages received the file vinstaller.zip, which extracted to an unsafe Windows Installer. This digital Russian doll contained two harmful programs: a cryptocurrency mining application and ClipBanker, which altered wallet addresses in the clipboard. The compromised system never showed any Office software; instead it consumed the victim's resources while silently stealing their funds.
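The delivery chain described above (a project subdomain, a redirect page, then an archive served from an unrelated site) leaves a recognizable pattern in web proxy logs. The following Python is an added example, not code from Kaspersky or SourceForge; the log format, the 120-second window, the sample lines and the example.net/example.org hosts are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: "<ISO timestamp> <client IP> <URL>". Not real telemetry;
# files.example.net and cdn.example.org are placeholder hosts.
SAMPLE_LOG = """\
2025-04-08T10:00:01 10.0.0.5 https://officepackage.sourceforge.io/
2025-04-08T10:00:09 10.0.0.5 https://loading.sourceforge.io/
2025-04-08T10:00:12 10.0.0.5 https://files.example.net/get/vinstaller.zip
2025-04-08T10:05:00 10.0.0.7 https://sourceforge.net/projects/demo/files/demo.zip
2025-04-08T10:10:00 10.0.0.8 https://demo.sourceforge.io/
2025-04-08T10:30:00 10.0.0.8 https://cdn.example.org/tool.zip
"""

WINDOW = timedelta(seconds=120)            # assumed correlation window
INSTALLER = re.compile(r"\.(zip|msi|exe)$", re.IGNORECASE)

def is_sourceforge(host):
    return host in ("sourceforge.net", "sourceforge.io") or host.endswith(
        (".sourceforge.net", ".sourceforge.io"))

def find_offsite_downloads(log_text):
    """Return (client, project-page hosts visited, download URL) for each archive or
    installer fetched from a non-SourceForge host shortly after a *.sourceforge.io visit."""
    chains, alerts = {}, []                 # chains: client -> [(time, host), ...]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                        # skip malformed lines
        when, client, url = datetime.fromisoformat(fields[0]), fields[1], fields[2]
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        chain = chains.get(client, [])
        if chain and when - chain[-1][0] > WINDOW:
            chain = []                      # earlier visit is too old to correlate
        if host.endswith(".sourceforge.io"):
            chains[client] = chain + [(when, host)]
        elif chain and not is_sourceforge(host) and INSTALLER.search(parts.path):
            alerts.append((client, [h for _, h in chain], url))
            chains.pop(client, None)
    return alerts

if __name__ == "__main__":
    for client, pages, url in find_offsite_downloads(SAMPLE_LOG):
        print(f"{client}: {' -> '.join(pages)} -> {url}")
```

Only the first client is flagged: the download from sourceforge.net itself and the archive fetched twenty minutes after a project-page visit fall outside the pattern.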

TookPS Malware Targets Professionals and Hobbyists

This isn’t an isolated case. Kaspersky reports that the TookPS downloader, previously seen in fake DeepSeek and Grok clients, also spread through various websites offering bogus cracked copies of professional applications such as UltraViewer, AutoCAD, and SketchUp. All kinds of users, from personal hobbyists to organizations, were targeted by malicious files masquerading as Ableton.exe and QuickenApp.exe. These installers delivered two backdoors, TeviRat and Lapmon, which granted full control of compromised systems. The Kaspersky Securelist blog provides detailed information on present-day malware delivery and shows how complex it has become.

The common thread is pirated software. Users fall victim to cybercriminal schemes by believing the promise of free cracked software. SourceForge and GitHub are legitimate services, but they cannot fully supervise their vast networks, which leaves them open to abuse by attackers.

The officepackage ruse shows how attackers use legitimate hosting services to disguise their purpose before redirecting users to malicious content. The risk from counterfeit download sites extends across user groups, because the supposedly free software they offer appeals to professionals and casual users alike.

According to Kaspersky, users must completely avoid downloading any type of pirated software. Pirated software leads to the loss of valuable data such as crypto wallets, passwords, and bank details, which translates into a direct financial cost. Users should rely on trusted sources when using SourceForge and scan downloads with antivirus software.

Users can turn to trial editions or free versions, which keep their devices safe even though they offer limited functionality. A digital wallet needs the same protection as a physical one, so use strong security measures to safeguard your cryptocurrency and banking information.
