Microsoft Word used by hackers to embed cryptojacking scripts

Hackers have started to abuse features provided on Microsoft Word to embed cryptojacking scripts on users’ computers and mine cryptocurrencies.

According to Votiro, an Israel cybersecurity company, hackers are making use of the Microsoft Word’s online video feature to encrypt cryptojacking scripts. The research says that hackers usually trick the users by playing an innocent video where the CPU is being exhausted in the background. Votiro even displayed a scenario where a simple 12-minute video related to cryptocurrency allowed them to hijack 99% of the victims CPU for crypto mining.

Amit Dori, a researcher at Votiro says,

“The threat of cryptocurrency mining through brower has become one of the most trending concerns in the internet realm.”

The Microsoft feature makes the software vulnerable to computer cryptojacking. Since Explorer is not the go-to browser in the world, its updation is done less frequently when compared to that of Chrome and Firefox. This has given hackers a window of opportunity to exploit its cracks and use it to their advantage.

Even though the issue has been presented multiple times to the Microsoft Security Response Centre, it was brushed off as they did not consider the evidence to prove that there’s a security issue.

During an interview with SC Media, a Microsoft spokesperson says,

“This technique relied on social engineering which convinces a user to open a malicious document and disable protected view. We recommend Microsoft customers to practice good computing habits online including making use of caution when clicking on links to web pages, opening unknown files or accepting file transfers.”

This is not the first time that cryptojacking has taken place through browsers. Hackers had used Youtube ads to hijack and mine cryptocurrency last month with the help of Coinhive javascript code. Hackers have been exploiting high-traffic websites, chrome extensions and porn websites by offering ‘giveaway vouchers’ to earn cryptocurrencies.

Joe Hank, a crypto miner from Paisley says,

“It’s the era of revolution. The whole world is making a move towards the moon and a problem as trivial as this shouldn’t be a barrier.”

Renaldi Wahid, a content writer at Oracle Media Services spoke to AMBCrypto and says,

“Why does Microsoft want us to practice ‘safe’ computing? It’s the system that has a flaw, people unlike me who do not understand the intricacies of using computing technology will fall for this flaw. They have shitty security and blame us for their carelessness”

The online security firms have already taken a step forward to make exchanges safer through browsers and ensure that hackers will not be able to take advantage of the user’s information.

Source: Read Full Article

Leave a Reply