While the malicious project is no longer available on SourceForge, Kaspersky says the project had been indexed by search engines, bringing traffic from users searching for "office add-ins" or similar.

Hackers tried using SourceForge to distribute malware, but thanks to the platform’s swift reaction, a major escalation seems to have been averted.

Malicious actors are attempting to steal crypto with malware embedded in fake Microsoft Office extensions uploaded to the software hosting site SourceForge, according to cybersecurity firm Kaspersky.