Hackers can exploit Microsoft Word for cryptocurrency hijacking

  26 February 2018    Read: 1790
Hackers can exploit Microsoft Word for cryptocurrency hijacking

As the rapid ascent of Bitcoin has been drawing the attention of criminal minds to cryptocurrencies, a team of security experts warns about a possible security risk in probably one of the most popular and ubiquitous Microsoft products out there that can be used to illegally obtain digital currency.

Microsoft Word's Online Video feature essentially allows an online video to be inserted into a document without actually being embedded, so as not to increase the file size.

However, cybersecurity company Votiro warns that this particular widget may be exploited by criminals seeking to hijack your computer in order to make themselves some digital currency.

The videos viewed via Word’s Online Video feature runs as an HTML code in an encapsulated iexplore.exe process, and "as only basic sanitization is performed on the provided HTML, it poses several security risks," Votiro points out.

For example, criminals may ‘cryptojack’ their target’s computer by posting the video on a website containing a script that forces a CPU to mine cryptocurrency for as long as the browser is open.

"The IE frame fits this scenario perfectly, as users can be tricked into watching an "innocent" video while, in the background, their CPU is being exhausted. For this scenario to maximize efficiency, the attacker can tailor the video for the victim, making sure to choose one that the victim will be tempted to watch," Votiro experts explain.

Also, this possible vulnerability allows a computer to be infected with an exploit-kit, potentially turning it into a criminal’s "own remote money-maker machine" if they infect it with a cryptocurrency miner, or to be used in phishing schemes.

Earlier this year Seoul claimed that hackers from the Lazarus Group, allegedly affiliated with North Korea, targeted South Korea’s cryptocurrency exchanges and stole the personal data of about 30,000 users of the Bithumb cryptocurrency exchange.

Separately, hackers struck at the Tokyo-based Coincheck exchange, affecting the accounts of about 260,000 customers and absconding with some $500 million worth of the NEM cryptocurrency on January 26.


More about:


News Line