PANews reported on April 9 that, according to Decrypt, the cybersecurity company Kaspersky has discovered new cryptocurrency-fraud malware that tampers with wallet addresses in the clipboard. The attackers disguised the malware as a Microsoft Office plug-in and distributed it through the SourceForge platform, but actually induced downloads through secondary redirect links. Analysis shows that the malicious code may have been written by Russian developers, and 90% of the victims are located in Russia; because the download pages are in English, however, the attack's reach may be wider. The malware (ClipBanker) monitors the clipboard and, when the user copies a cryptocurrency address, automatically replaces it with the attacker's address. Since most users are accustomed to copying and pasting addresses, they often discover that they have been deceived only after the transfer is completed.
Kaspersky warns that the attackers may sell access to infected devices for more serious criminal activities. Although the installation package is disguised as a normal 700MB program, the actual malicious part is only 7MB. In the first three months of 2024, more than 4,600 users in Russia were infected. Experts recommend downloading software only from official channels and avoiding untrusted sources to prevent similar attacks.
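The clipboard substitution described above can be detected from the defender's side. The following is an added example, not code from Kaspersky or the original report: it scans a time-ordered list of clipboard snapshots and flags a wallet-address-shaped value that is replaced by a different one faster than a user could plausibly re-copy. The address patterns, the 2-second window and the sample timeline are assumptions constructed for illustration.

```python
import re

# Address shapes checked here (assumption of this example; extend for other coins).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

# Hypothetical threshold: a person rarely copies two different addresses this fast.
SWAP_WINDOW_SECONDS = 2.0


def address_kind(text):
    """Return the matching address type name, or None if text is not address-shaped."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None


def find_swaps(snapshots, window=SWAP_WINDOW_SECONDS):
    """snapshots: list of (timestamp_seconds, clipboard_text) in time order.

    Flags every case where an address on the clipboard is replaced by a
    different address within `window` seconds.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(snapshots, snapshots[1:]):
        kind_prev, kind_cur = address_kind(prev), address_kind(cur)
        if (kind_prev and kind_cur and prev.strip() != cur.strip()
                and t_cur - t_prev <= window):
            alerts.append({"time": t_cur, "copied": prev.strip(),
                           "now": cur.strip(), "kind": kind_cur})
    return alerts


# Constructed sample data (not real wallets or real telemetry).
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "A" * 33, "bc1q" + "x" * 38
SAMPLE_TIMELINE = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),   # user copies the recipient's address
    (10.3, ETH_B),   # replaced 0.3 s later with no user action: flagged
    (60.0, BTC_A),   # user copies another address
    (95.0, BTC_B),   # user copies a different one 35 s later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_TIMELINE):
        print("possible clipboard address swap:", alert)
```

The same comparison applies at paste time: a wallet or browser extension that remembers the copied value can refuse to proceed when the pasted address differs from it.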
