Monero Mining via Word document possible

According to security researchers, even cryptojacking using a Microsoft Word document is now possible. The latest version of Word allows the embedding of code that can access web pages. Due to a lack of security measures by Microsoft, cybercriminals are now able to open the door to their plans.

Cybercriminals are constantly looking for new ways to maximize their revenues at the expense of third parties. If they can even abuse a frequently used program for their own purposes, it’s a stroke of luck for them. The latest version of MS Word allows the embedding of code which, for example, can independently open its own browser window or tab to access a given Internet address. Amit Dori from the security company Votiro was the first to draw attention to this problem on his blog.

Countermeasures would require little effort on the part of Bitcoin revolution

The effort that Microsoft would have to put into countermeasures would be small. The Bitcoin revolution programmers would only have to integrate a so-called whitelist into Word. This is a list of the websites allowed by default, such as YouTube or Vimeo, which can be called via the word processor. If the URL to be called in the embedded code differs, Word would simply block the visit automatically. But there are even more tricks: If you want to disguise your intentions as a hacker, you could simply place the called website below the visible window. Only if you close the larger window or the entire browser would you discover or leave the hidden website. This principle of hidden advertising windows is often used by less serious online marketers.

Amit Dori has informed Microsoft about the dangers of the new „feature“, but the manufacturer classifies the problem as harmless. The same code can also be inserted in PowerPoint presentations or in the OneNote notepad. However, Microsoft has already taken the necessary precautions with these programs. The implemented code can only be used to visit pages that are on Microsoft’s whitelist and are therefore unproblematic to visit.

There are various scenarios for exploiting the gap. The most likely scenario is that the recipient of the Word document visits a prepared website based on the code, via which a drive-by Trojan is smuggled into his device. Depending on the functionality of the Trojan, the hacker now has full control over the hijacked PC. For example, he can view all bank transfers, intercept user names and passwords, drive DDoS attacks, save credit card details, send spam mails from there and much more. Of course, it would also be possible to dig for a crypto currency like Monero on the transferred device. In the second threat scenario, the computer is not taken over. The code only visits a website where, for example, CoinHive Monero is used to mine. This process continues until the visit to the website is finished. Since a particularly long stay leads to the maximum result, the display of a film on its own streaming website would be a good idea. Amit Dori lists the third possibility as being to direct users to websites of PayPal, Amazon, their house bank, the credit card provider etc. that look deceptively real, where their usernames and passwords are to be tapped using phishing.

How do I get Bitcoin loophole Word documents on my PC?

By spam mail, which gives the messages a trustworthy impression. Or, as is often the case with other malware, the hackers distribute them via Usenet or P2P networks on the Internet. Commercial documents are not uncommon there. Alternatively, cybercriminals can add specially prepared Word documents to current films, programs or games, the title of which will arouse the interest of downloaders. This would be particularly effective with the mass of Bitcoin loophole.

What can I do about it?
The use of a proxy or VPN is pointless because it only obscures your own IP address. For the JavaScript on the website or the Drive-by-Trojan it is also irrelevant whether the data is always transmitted encrypted. The antivirus software of most providers is unlikely to work with such prepared documents. Nevertheless, it should be kept up to date in order to prevent infection by drive-by malware. Monero can be prevented from browsing a website using an advertising blocker or other browser extensions. Simply search the browser manufacturer of your choice for the extensions for

Study in Ireland: Government to promote blockchain technology

A study by the National University of Ireland in Galway (NUI) and the Blockchain Association of Ireland (BAI) has looked at the introduction of the blockchain in Ireland. According to the authors of the study, far too few Irish companies use the technology so far. Now they are demanding targeted support from the government.

The Irish Times reported on 11th May that the National University of Ireland in Galway (NUI) together with the Blockchain Association of Ireland (BAI) carried out a study on the subject of block groves. The title of the study also illustrates the motivation behind it: „The Introduction of the Blockchain in Ireland: Investigation of the Influence of Organizational Factors“. Although the blockchain is celebrated „since the Internet as the most revolutionary technology“, the acceptance is too low with only 40 percent of Irish companies that have opted for the technology so far. The authors of the study therefore now call on the government to promote blockchain technology more strongly in Ireland.

Details of the Bitcoin loophole

So far, there are hardly any research results of onlinebetrug in Ireland. Therefore, the results of the NUI Galway and BAI study will meet with great interest. Although only 20 companies were included, the data should shed light on the situation. Eight of these companies are already using the Bitcoin loophole, while the remaining twelve are not yet doing so or have no such plans for the next two years. Five of the 20 company representatives surveyed had a basic awareness of the blockchain, six had a medium level of knowledge and nine had extensive knowledge of the technology. This shows that at least everyone knows the blockchain, but the depth of knowledge is still too superficial.

The key factors identified for the introduction of the blockchain were support from top management and organizational readiness. On the other hand, legal uncertainties, a lack of business cases and internal expertise would act as a deterrent. The study also found that ICOs and crypto currencies are perceived as negative. In association with the blockchain, they therefore also make it difficult to introduce them.

Government to promote knowledge about the news spy

An important factor for the introduction of the blockchain is therefore an extensive knowledge of the technology. Dr. Trevor Clohessy of the NUI Galway therefore calls on the government to promote the news spy acquisition of knowledge about the blockchain. To this end, a national initiative should be launched. Dr. Clohessy highlighted the possible uses of the blockchain:

„One of the advantages of the blockchain is that transaction data is immutable after it is entered into the digital ledger, which means that it is not possible to change or remove the entered data, thereby ensuring the integrity of all transaction records. And its shared ownership makes it less vulnerable to cyber attacks. Beyond the economy, other helpful uses of this technology would include voting machines and ballot boxes to combat electoral fraud and possibly enable a blockchainable, technology-driven border identification system that could provide a solution to the current challenges of the North-South Brexit border area.“

The J. E. Cairnes School of Business and Economics at the NUI Galway is already taking a step towards blockchain funding. The University has recently introduced Blockchain as a module for students studying for master’s degrees in Business Analytics and Information Systems Management.