Monday, February 26, 2018

Cryptojacking is the Word, and the Word is cryptojacking as Office application exploit allows hackers to use your pc for crypto mining

Microsoft Word is one of the most highly used applications on personal computers (PC's) around the world.  So it should come as no surprise that cyber-hackers would focus on this and other types of common applications to find exploits in which to conduct their illegal activities.

And sadly it appears they have succeeded thanks to certain functions within Microsoft Word that allows malware to exploit its video feature to turn your pc into a cryptocurrency mining node.

Graphic use courtesy of Null Byte
Microsoft Word's Online Video feature essentially allows an online video to be inserted into a document without actually being embedded, so as not to increase the file size. 
However, cybersecurity company Votiro warns that this particular widget may be exploited by criminals seeking to hijack your computer in order to make themselves some digital currency. 
The videos viewed via Word’s Online Video feature runs as an HTML code in an encapsulated iexplore.exe process, and "as only basic sanitization is performed on the provided HTML, it poses several security risks," Votiro points out.For example, criminals may ‘cryptojack’ their target’s computer by posting the video on a website containing a script that forces a CPU to mine cryptocurrency for as long as the browser is open. 
Also, this possible vulnerability allows a computer to be infected with an exploit-kit, potentially turning it into a criminal’s "own remote money-maker machine" if they infect it with a cryptocurrency miner, or to be used in phishing schemes. – Sputnik News
Just when you thought it was safe to jump back into the Word processing pool. 


Post a Comment