05:12 GMT +3, 21 July 2018
    A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017

    Hackers Can Exploit Microsoft Word for Cryptocurrency Hijacking

    © REUTERS / Kacper Pempel/Illustration

    As the rapid ascent of Bitcoin has been drawing the attention of criminal minds to cryptocurrencies, a team of security experts warns about a possible security risk in probably one of the most popular and ubiquitous Microsoft products out there that can be used to illegally obtain digital currency.

    Microsoft Word's Online Video feature essentially allows an online video to be inserted into a document without actually being embedded, so as not to increase the file size.
    However, cybersecurity company Votiro warns that this particular widget may be exploited by criminals seeking to hijack your computer in order to make themselves some digital currency.

    Videos viewed via Word’s Online Video feature run as HTML code in an encapsulated iexplore.exe process, and "as only basic sanitization is performed on the provided HTML, it poses several security risks," Votiro points out.

    For example, criminals may ‘cryptojack’ their target’s computer by posting the video on a website containing a script that forces a CPU to mine cryptocurrency for as long as the browser is open.

    "The IE frame fits this scenario perfectly, as users can be tricked into watching an "innocent" video while, in the background, their CPU is being exhausted. For this scenario to maximize efficiency, the attacker can tailor the video for the victim, making sure to choose one that the victim will be tempted to watch," Votiro experts explain.

    This possible vulnerability also allows a computer to be infected with an exploit kit, potentially turning it into a criminal’s "own remote money-maker machine" if they infect it with a cryptocurrency miner, or to be used in phishing schemes.
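Because the video is carried as HTML inside the document, that HTML can be audited before the file reaches a user. The following Python example is added here and is not code from Votiro or Microsoft: it assumes the HTML is stored in the `embeddedHtml` attribute of the `webVideoPr` element inside the .docx package, and the allowlist of player hosts, the function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, swap in defusedxml
from html.parser import HTMLParser
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}  # assumption: local policy
WP15 = "http://schemas.microsoft.com/office/word/2012/wordprocessingDrawing"

class EmbedAudit(HTMLParser):
    """Records anything in the embedded HTML beyond an allowlisted player frame."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.findings.append("script element")
        self.findings += [f"{k} handler on <{tag}>" for k in attrs if k.startswith("on")]
        if tag in ("iframe", "embed", "object"):
            host = urlparse(attrs.get("src") or attrs.get("data") or "").hostname
            if host not in ALLOWED_HOSTS:
                self.findings.append(f"<{tag}> loads from {host or 'unknown source'}")

def audit_docx(data):
    """Return (part, finding) pairs for every online-video element in a .docx."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part in z.namelist():
            if part.startswith("word/") and part.endswith(".xml"):
                for el in ET.fromstring(z.read(part)).iter():
                    # Match on the local name so any namespace prefix is accepted.
                    if el.tag.endswith("}webVideoPr") and "embeddedHtml" in el.attrib:
                        audit = EmbedAudit()
                        audit.feed(el.attrib["embeddedHtml"])  # ET already unescaped it
                        audit.close()
                        results += [(part, f) for f in audit.findings]
    return results

def make_docx(embedded_html):
    """Constructed sample: a zip holding only the part the scanner reads."""
    xml = f'<d xmlns:wp15="{WP15}"><wp15:webVideoPr embeddedHtml={quoteattr(embedded_html)}/></d>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", xml)
    return buf.getvalue()
```

An empty result means every online-video element contains only frames from the allowlisted hosts; any finding is a reason to quarantine the document or strip the element at the mail or file gateway.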

    Earlier this year Seoul claimed that hackers from the Lazarus Group, allegedly affiliated with North Korea, targeted South Korea’s cryptocurrency exchanges and stole the personal data of about 30,000 users of the Bithumb cryptocurrency exchange.

    Separately, hackers struck at the Tokyo-based Coincheck exchange, affecting the accounts of about 260,000 customers and absconding with some $500 million worth of the NEM cryptocurrency on January 26.
