21 March 2018

Hackers exploit Microsoft Word for cryptocurrency hijacking


As the rapid ascent of Bitcoin has been drawing the attention of criminal minds to cryptocurrencies, a team of security experts warns about a possible security risk in probably one of the most popular and ubiquitous Microsoft products out there that can be used to illegally obtain digital currency. informs citing

Microsoft Word's Online Video feature essentially allows an online video to be inserted into a document without actually being embedded, so as not to increase the file size.

However, cybersecurity company Votiro warns that this particular widget may be exploited by criminals seeking to hijack your computer in order to make themselves some digital currency.

Videos viewed via Word’s Online Video feature run as HTML code in an encapsulated iexplore.exe process, and "as only basic sanitization is performed on the provided HTML, it poses several security risks," Votiro points out.

For example, criminals may ‘cryptojack’ their target’s computer by posting the video on a website containing a script that forces a CPU to mine cryptocurrency for as long as the browser is open.

"The IE frame fits this scenario perfectly, as users can be tricked into watching an 'innocent' video while, in the background, their CPU is being exhausted. For this scenario to maximize efficiency, the attacker can tailor the video for the victim, making sure to choose one that the victim will be tempted to watch," Votiro experts explain.

Also, this possible vulnerability allows a computer to be infected with an exploit kit, potentially turning it into a criminal’s "own remote money-maker machine" if they infect it with a cryptocurrency miner, or to be used in phishing schemes.
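An added defensive check, not code from Votiro or from the original article: it reads the HTML that Word stores for each online video in a .docx and flags script tags, inline event handlers and sources outside an allowlist. The element name `wp15:webVideoPr` and its `embeddedHtml` attribute come from Word's file format rather than from the article; the allowlist, the function names and the sample document builder are assumptions constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

# Namespace of Word's online-video element, wp15:webVideoPr.
WP15 = "http://schemas.microsoft.com/office/word/2012/wordprocessingDrawing"
# Assumption: the only hosts this organisation accepts as video sources.
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}


def audit_docx(data: bytes) -> list:
    """Return one finding per online video stored in a .docx (given as bytes)."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        xml = archive.read("word/document.xml")
    # OOXML parts never carry a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml:
        raise ValueError("unexpected DTD in word/document.xml")
    findings = []
    for video in ET.fromstring(xml).iter(f"{{{WP15}}}webVideoPr"):
        html = video.get("embeddedHtml", "")  # the parser has already unescaped it
        sources = re.findall(r"""src\s*=\s*["']([^"']+)""", html, re.I)
        hosts = [urlparse(src).hostname for src in sources]
        reasons = []
        if re.search(r"<\s*script", html, re.I):
            reasons.append("script tag")
        if re.search(r"\bon\w+\s*=", html, re.I):
            reasons.append("inline event handler")
        reasons += [f"unlisted host {h}" for h in hosts if h not in ALLOWED_HOSTS]
        findings.append({"hosts": hosts, "reasons": reasons})
    return findings


def make_sample(embedded_html: str) -> bytes:
    """Constructed test input: a ZIP holding only a minimal word/document.xml."""
    xml = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/'
        f'wordprocessingml/2006/main" xmlns:wp15="{WP15}"><w:body>'
        f'<wp15:webVideoPr embeddedHtml={quoteattr(embedded_html)} h="315" w="560"/>'
        "</w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", xml)
    return buf.getvalue()
```

A document with an empty `reasons` list for every video still renders third-party HTML, so the allowlist is the control that matters; the pattern checks only catch the obvious cases.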

Earlier this year Seoul claimed that hackers from the Lazarus Group, allegedly affiliated with North Korea, targeted South Korea’s cryptocurrency exchanges and stole the personal data of about 30,000 users of the Bithumb cryptocurrency exchange.

Separately, hackers struck at the Tokyo-based Coincheck exchange, affecting the accounts of about 260,000 customers and absconding with some $500 million worth of the NEM cryptocurrency on January 26.

2018.02.26 / 12:25