Kaspersky Unveils Cryptocurrency Theft Malware Hidden in SourceForge Office Add-ins

April 9, 2025
  • Kaspersky warns that attackers may sell access to infected systems to more dangerous actors, increasing the potential for widespread damage.

  • The malware not only steals cryptocurrencies but also poses further security risks by granting attackers access to users' systems.

  • To protect themselves, Kaspersky advises users to avoid downloading software from untrusted sources and to rely on trusted platforms, as pirated applications are particularly risky.

  • Kaspersky's research indicates that around 90% of potential victims are located in Russia, with over 4,600 users encountering this scheme between January and March 2025.

  • The actual malware is only 7MB in size, which is suspiciously small for office applications and raises red flags about its authenticity.

  • Among the malware components is ClipBanker, which silently alters clipboard data to replace cryptocurrency wallet addresses, potentially redirecting funds to attackers.

  • Additionally, the malware utilizes backdoor installers to deliver payloads like TeviRat and Lapmon, granting attackers full control over infected systems.

  • This incident highlights the ongoing risks associated with downloading pirated software, which often leads to severe financial losses through data theft.

  • Kaspersky has uncovered a new malware campaign that targets cryptocurrency users by distributing malicious Microsoft Office add-ins through the legitimate software hosting site SourceForge.

  • One notable project involved, named 'officepackage,' deceives users with a legitimate appearance and positive reviews while actually distributing malware.

  • This project redirects users through a series of deceptive links to a malicious site, ultimately leading to the download of harmful files.

  • Upon clicking the download link, users are taken to a page featuring a password-protected archive that appears to be a large 700MB installer, but is mostly filled with junk data.
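
The size mismatch described above (an installer presented as 700MB whose real content is about 7MB) can be checked on a file once it has been extracted. The following is an added example, not code from Kaspersky or from the sources summarized here. It assumes the junk is made of runs of a single repeated byte; the function names, the 50% threshold, and the scaled-down sample (KB instead of MB) are constructed for illustration.

```python
import io
import zlib

CHUNK = 64 * 1024  # bytes read per step


def padding_profile(stream, chunk_size=CHUNK):
    """Return (total, filler, compressed) byte counts for a binary stream.

    filler counts chunks made of one repeated byte value (assumed junk shape).
    compressed is the zlib size, a rough measure of how much real content exists.
    """
    total = filler = compressed = 0
    comp = zlib.compressobj(level=1)
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        total += len(chunk)
        if chunk.count(chunk[0]) == len(chunk):  # every byte equals the first
            filler += len(chunk)
        compressed += len(comp.compress(chunk))
    compressed += len(comp.flush())
    return total, filler, compressed


def looks_padded(stream, min_filler_ratio=0.5, chunk_size=CHUNK):
    """Return (flag, effective_size); flag is True when filler dominates."""
    total, filler, _ = padding_profile(stream, chunk_size)
    if total == 0:  # empty file: nothing to judge
        return False, 0
    return filler / total >= min_filler_ratio, total - filler


def constructed_sample():
    """Constructed stand-in: 7 KB of varied bytes followed by 700 KB of zeros."""
    payload = bytes(range(256)) * 28      # 7168 bytes, no single-byte chunks
    return io.BytesIO(payload + b"\x00" * (700 * 1024))


if __name__ == "__main__":
    total, filler, compressed = padding_profile(constructed_sample(), 1024)
    print(f"total={total} filler={filler} compressed={compressed}")
    print(looks_padded(constructed_sample(), chunk_size=1024))
```

Junk made of random bytes would not be caught by either signal, so a clean result here does not mean the file is safe.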

Summary based on 4 sources

