A miner and the ClipBanker Trojan being distributed via SourceForge

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

A unique malware distribution scheme exploiting SourceForge has been discovered. The attackers create a seemingly legitimate project on sourceforge.net, which automatically generates a sourceforge.io subdomain. This subdomain is then used to host a malicious page that tricks users into downloading a compressed archive containing malware. The infection chain involves multiple stages, including the use of password-protected archives, Visual Basic scripts, and PowerShell commands. The main payloads are a cryptocurrency miner and ClipBanker, a Trojan that replaces cryptocurrency wallet addresses in the clipboard. The campaign primarily targets Russian-speaking users, with 90% of potential victims located in Russia.

OPENCTI LABELS :

powershell,cryptocurrency,miner,autoit,persistence,clipbanker,sourceforge
