Image by Rawpixel.com, from Freepik

New Malware Campaign Exploits SourceForge Projects to Steal Crypto & Spy on Users

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Sarah Frazier Former Content Manager

A new malware campaign is targeting users through SourceForge, a trusted site known for hosting open-source software projects.

In a rush? Here are the quick facts:

• Victims download a fake installer containing a hidden cryptocurrency miner and ClipBanker.
• Malware sends user data to attackers via Telegram API.
• Attack chain includes VB scripts, PowerShell commands, and AutoIt interpreters.

Researchers from Kaspersky uncovered a scheme where attackers use a fake project to trick people into downloading malicious files disguised as office tools.

The fake project, called “officepackage,” looks harmless on the SourceForge page. Additionally, it copies its description from a real Microsoft Office add-ons project on GitHub . But the related officepackage.sourceforge.io domain points to a completely different website that lists fake office apps with “Download” buttons.

The researchers explain that the pages are indexed by search engines, so they look legitimate in search results. But instead of useful software, users are led through a confusing maze of download pages that ultimately install malware on their computers.

The downloaded file, named vinstaller.zip, contains hidden tools including a password-protected archive, and a Windows Installer that looks large and legitimate, but is actually stuffed with junk data to fool users. When launched, it runs a script in secret that downloads files from GitHub, extracts malicious components, and starts spying on the device.

One of the hidden scripts sends the victim’s device details to attackers through Telegram . This includes the computer’s IP address, username, antivirus software, and even the CPU name.

The malware does two main things: first, it installs a cryptocurrency miner that quietly uses the computer’s resources to generate digital money for the attackers.

Second, it installs a type of malware called ClipBanker, which waits for users to copy and paste cryptocurrency wallet addresses. When they do, it replaces the wallet address with one owned by the attacker, redirecting funds to them.

The malware uses several methods to stay on the system and automatically restart even after rebooting. It hides in system folders, adds special registry keys, creates fake Windows services, and even hijacks system update tools.

To stay safe, experts strongly advise downloading software only from official sources, as pirated or unofficial downloads always carry a higher risk of infection.

Image by Freepik

UK Government Developing Controversial AI ‘Murder Prediction’ Tool

• Written by Kiara Fabbri Former Tech News Writer
• Fact-Checked by Sarah Frazier Former Content Manager

The UK government is working on a controversial project that uses AI to predict who might commit murder in the future.

In a rush? Here are the quick facts:

• Ministry of Justice using data from 100,000–500,000 individuals.
• Sensitive data includes mental health, self-harm, and addiction records.
• Government claims it’s only a research project, not operational yet.

The existence of the program came to light through freedom of information requests obtained by the watchdog group Statewatch .

Their findings suggest that sensitive personal data is being used. These include health records, mental health information, addiction history, and data about people who have not been convicted of any crimes.

Statewatch reports that the Ministry of Justice (MoJ) is leading this plan, examining existing authority records of people to stop serious crimes from happening.

Originally named the “homicide prediction project,” it’s now called “sharing data to improve risk assessment.” The project is currently in a research phase, but campaigners and privacy advocates have raised concerns, as reported by Statewatch.

However, officials deny this. The Guardian reports that a Ministry of Justice spokesperson stated: “This project is being conducted for research purposes only. It has been designed using existing data held by HM Prison and Probation Service and police forces on convicted offenders to help us better understand the risk of people on probation going on to commit serious violence. A report will be published in due course.”

According to Statewatch, police in Greater Manchester shared data on up to half a million people. This included victims, suspects, and people in vulnerable situations.

Sofia Lyall, a researcher at Statewatch, strongly criticized the project, saying: “The Ministry of Justice’s attempt to build this murder prediction system is the latest chilling and dystopian example of the government’s intent to develop so-called crime ‘prediction’ systems.”

She warned the system would deepen racial and class discrimination: “This latest model, which uses data from our institutionally racist police and Home Office, will reinforce and magnify the structural discrimination underpinning the criminal legal system.”

“Using such sensitive data on mental health, addiction and disability is highly intrusive and alarming,” she added.

The government argues that tools like this could improve how probation services assess risk and prevent violent crime. But critics say the system could lead to people being unfairly labelled as potential murderers due to flawed and biased data.

The government argues that these tools will improve the ability of probation services to evaluate risk and stop violent crimes from occurring. Critics, however, warn that the system risks labeling people as potential murderers through bad and biased data.

While still under development, Statewatch reports that documents mention the “future operationalisation” of the system, raising concerns that it could soon be used in real-world policing decisions.