Security analysts have reported a worrying new discovery — cryptocurrency theft is now possible due to a new feature added in Microsoft Word which allows users to embed multimedia elements. Microsoft have apparently tried to ease the creation of interactive documents by implementing this functionality.
Microsoft Word Now Allows for Cryptocurrency Theft
Microsoft has recently issued a new update to the Microsoft Word editor which allows users to directly embed internet videos inside the documents. The new feature is accessible via a menu option that includes the following options:
- Bing Video Search — The users can search for videos by inputting keywords which are routed to the Bing video search engine.
- Youtube — The victims can directly input their queries into the search box.
- From a Video Embed Code — The users can directly embed web code from an Internet site.
The last option constitutes the danger. It allows the Microsoft Word users to directly copy and paste an iframe embed code inside the documents. This means that the inserted video will be automatically loaded into the file without any security scans or other protection mechanisms. As a result a video player will be displayed with the appropriate “Play” button will be loaded.
Cryptocurrency Theft in Microsoft Word Documents — Mechanism of Action
The security implications are really worrying as the analysts have uncovered two particular worrisome scenarios:
- No Restrictions — The Microsoft Word application allows the users to directly embed the videos without restriction. Common security guidelines usually institute a list of approved sites which are deemed trustworthy by the system administrators.
- Video Execution — The videos are actually played in a popup that is actually a headless Internet Explorer instance.
The security experts note that computer criminals can load malware miner scripts that have the ability to institute cryptocurrency theft attacks. They propose that if such an attack campaign is planned it can impact thousands of users.
The hackers behind such attempts can host a video on a dangerous domain that includes a script in combination with the dangerous video. When the victims click on the “Play” button the threat is executed on the victim’s machine and the infection follows. Cryptocurrency miners are specifically meant to use the computer’s resource in order to “mine” (process transactions) currencies and generate income for the operators. Using the same technique complex Trojans and viruses that actually steal detected wallets and the contained therein currencies can also be deployed.
While there are no major attack campaigns detected yet the analysts note that such intrusion attempts can be particularly effective when combined with phishing scams. They are often distributed using email messages that pose as being sent by popular web services. In most cases the hackers utilize stolen text and graphics and also use familiar sounding domains to confuse the victims.
We remind our readers that they can protect themselves from danger by utilizing a quality anti-spyware solution.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: