Microsoft Word Cryptocurrency Mining Vulnerability
The hack is said to utilize a possible vulnerability that allows latest versions of Microsoft Office products to add text to the online video feature. The videos act as a passage for the hacker to embed the malicious videos within your documents with little need to add the video directly to the Word panel. The vulnerability accommodates the use of the iframe insertion code making the mining operations harder to track
The findings are from a group of researchers from the Israel tech security company, Votiro. The firm lead researcher, Amit Dori, was on record indicating that hackers are becoming more sophisticated in their use of legitimate platforms to conduct malicious activities. Dori further notes that the hackers do also trick the users into watching the malicious video while the crypto mining is exhausting your CPU from all the mining taking place. Watching the video will also take longer than usual since the video loading phase is the actual setup of the mining scripts on your PC.
Microsoft’s Votiro's Reaction, Legit Or Not?
However, this is not the first scenario that scripts are finding a way into genuine software products. Already there are crypto mining scripts reportedly hijacking browsers, online games, and web pages. The use of Microsoft Word is relatively new, but hackers can take advantage of Word being an essential software hence a bigger target for their hacking schemes. The findings from Vitiro also come at a time when cryptocurrency is increasingly becoming popular which is a danger in itself since more novices will become potential victims.
And although Vitiro has taken the liberty to report the issue to Microsoft's Support team, the security team do not conclude the vulnerability as a full threat. They classify the scheme as a social engineering rather than the exploitation of MS Word.