Experts of the Israeli company Votiro, specializing in the field of cybersecurity, found a vulnerability in the new version of Microsoft Word in the form of the opportunity to drop cryptocurrency through the embed code of a video that can be inserted into a text file.
It is indicated that this possibility is realized through the option Online Video, which is available in the program. After opening the program, the user is offered a video for viewing, and he can have a thematic focus by the preferences of the person. While the video is being watched, the device process works in the interests of the hacker.
In support of their words, they gave specific examples, in which about 99% of all processor performance was used in the interests of hackers. Specialists note that to maximize the effectiveness of hidden mining, the maximum duration of the video action is required. One way to artificially extend the running time is to start fake screenshots "Loading" to prompt the user to stay while waiting for the video to start.
Based on the research, experts note that Word can carry other dangers, for example, act as a distributor of Trojans for the theft of bank data or phishing pages that are embedded in the document.
Summing up, representatives of Votiro recommend users to be cautious about any file in Word format received from unknown users. Alert is also needed when using Online Video, integrated into the editor.
Among the potentially dangerous is recognized and Internet Explorer. Researchers note that the browser has a minimal share of distribution, so updates it appears exceptionally rarely.
Information Source: TechRepublic