Monero Mining via Word document possible

According to security researchers, cryptojacking via a Microsoft Word document is now possible. The latest version of Word allows embedding code that can open web pages, and because Microsoft has not put safeguards around this feature, cybercriminals can use it to further their plans.

Cybercriminals are constantly looking for new ways to maximize their revenue at the expense of third parties. If they can abuse a widely used program for their own purposes, so much the better for them. The latest version of MS Word allows the embedding of code which, for example, can open its own browser window or tab and load a given Internet address. Amit Dori of the security company Votiro was the first to draw attention to this problem on his blog.

Countermeasures would require little effort on the part of Microsoft

The effort that Microsoft would have to put into countermeasures would be small. Its programmers would only have to integrate a so-called whitelist into Word: a list of the websites, such as YouTube or Vimeo, that the word processor may open by default. If the URL in the embedded code is not on that list, Word would simply block the visit automatically. But there are further tricks: an attacker wanting to disguise their intentions could place the opened website beneath the visible window, so the victim only discovers the hidden page when closing the larger window or the entire browser. This principle of hidden advertising windows is often used by less reputable online marketers.

Amit Dori has informed Microsoft about the dangers of the new "feature", but the manufacturer classifies the problem as harmless. The same code can also be inserted into PowerPoint presentations or into the OneNote notepad. However, Microsoft has already taken the necessary precautions in these programs: the embedded code can only open pages that are on Microsoft's whitelist and are therefore unproblematic to visit.

There are various scenarios for exploiting the gap. The most likely is that the recipient of the Word document is sent by the embedded code to a prepared website, from which a drive-by Trojan is smuggled onto their device. Depending on the Trojan's functionality, the attacker then has full control over the hijacked PC: they can view all bank transfers, intercept user names and passwords, launch DDoS attacks, harvest credit card details, send spam mail from the machine and much more. Of course, it would also be possible to mine a cryptocurrency such as Monero on the compromised device. In the second threat scenario, the computer is not taken over. The code only opens a website on which, for example, Coinhive is used to mine Monero. This mining continues as long as the visit to the website lasts, and since a particularly long stay yields the maximum result, showing a film on the attacker's own streaming site would be an obvious choice. Amit Dori lists as the third possibility directing users to deceptively real-looking imitations of PayPal, Amazon, their own bank, their credit card provider and so on, where their usernames and passwords are harvested by phishing.

How do such Word documents get onto my PC?

By spam mail dressed up to give the messages a trustworthy appearance. Or, as is often the case with other malware, the attackers distribute them via Usenet or P2P networks on the Internet, where commercial documents are not uncommon. Alternatively, cybercriminals can bundle specially prepared Word documents with current films, programs or games whose titles arouse the interest of downloaders. Given the sheer volume of such downloads, this would be particularly effective.

What can I do about it?

Using a proxy or VPN is pointless, because it only obscures your own IP address. Whether the data is transmitted encrypted is likewise irrelevant to the JavaScript on the website or to the drive-by Trojan. The antivirus software of most vendors is unlikely to detect such prepared documents. Nevertheless, it should be kept up to date in order to prevent infection by drive-by malware. Monero mining while you browse a website can be prevented with an ad blocker or other browser extensions. Simply search the extension catalogue of the browser manufacturer of your choice for the extensions for
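As an added example, not from the article or from Votiro, the following Python scanner applies the allow-list idea proposed above on the defender's side: it unpacks a .docx, pulls every http(s) URL out of the package's XML parts and flags any host that is neither an allowed video site nor a mere XML namespace URI. The package it builds is constructed for the demonstration, and the `w:embeddedHtml` element is a simplified stand-in for Word's real markup, not its actual schema.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Sites a document may legitimately open (constructed policy in the spirit of the
# whitelist the article proposes for Word's embedded-code feature).
ALLOWED_HOSTS = {"www.youtube.com", "youtube.com", "vimeo.com", "player.vimeo.com"}
# XML namespace URIs look like URLs but are never fetched; ignore them so they do
# not drown out real findings.
NAMESPACE_HOSTS = {"schemas.openxmlformats.org", "schemas.microsoft.com",
                   "www.w3.org", "purl.org"}
URL_RE = re.compile(r'https?://[^\s"\'<>]+', re.IGNORECASE)


def extract_urls(docx_bytes):
    """Return (package_part, url) for every http(s) URL in the XML and .rels parts."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith((".xml", ".rels")):
                continue
            text = zf.read(part).decode("utf-8", errors="replace")
            # URLs inside attribute values are entity-escaped; undo the common forms.
            text = text.replace("&amp;", "&").replace("&quot;", '"')
            for match in URL_RE.finditer(text):
                found.append((part, match.group(0)))
    return found


def flag_disallowed(docx_bytes):
    """URLs whose host is neither an allowed site nor a bare namespace URI."""
    hits = []
    for part, url in extract_urls(docx_bytes):
        host = (urlparse(url).hostname or "").lower()
        if host not in ALLOWED_HOSTS and host not in NAMESPACE_HOSTS:
            hits.append((part, url))
    return hits


def build_sample_docx(embed_url):
    """Constructed minimal package; the markup is a simplified stand-in, not Word's schema."""
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p>'
        '<w:embeddedHtml>&lt;iframe src=&quot;' + embed_url + '&quot;&gt;&lt;/iframe&gt;</w:embeddedHtml>'
        '</w:body></w:document>'
    )
    rels_xml = ('<Relationships><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
                'officeDocument/2006/relationships/styles" Target="styles.xml"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for part, url in flag_disallowed(build_sample_docx("https://evil.example/miner")):
        print(f"disallowed URL in {part}: {url}")
```

The namespace filter matters in practice: every real .docx carries dozens of schema URIs, so a naive URL grep alerts on every document.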