Bleeping Computer

Fake Microsoft Office add-in tools push malware via SourceForge

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. SourceForge.net is a legitimate software ...
CoinTelegraph

Hackers hide crypto address-swapping malware in Microsoft Office add-in bundles

A malware that swaps a victim's copied crypto wallet address with an attacker's is being included with Microsoft Office extension packages on SourceForge. Update April 9, 11:50 pm: This article has ...
Computerworld

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, ...
Bleeping Computer

Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts

The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. Originally a legitimate meeting scheduling tool for Outlook ...