Cryptojacking can now be done through Microsoft Word documents

Posted: 22 February 2018 12:02 pm
News

A security firm has uncovered another potentially dangerous vector for infection.

Security firm Votiro has uncovered a potential new avenue for cryptojacking attacks. Cryptojacking is when a user is unknowingly tricked into mining cryptocurrencies, usually Monero, for someone else. When a computer is being used for mining, it dedicates most of its processing power to the task. Depending on what else you're trying to do it might slow your computer to a crawl, or be almost unnoticed. It's not dangerous in itself, but it's annoying and unscrupulous.

One might find oneself unknowingly mining crypto by visiting certain web pages, unwisely opening unknown email attachments, playing an infected video on YouTube or even in a sidebar ad, or by opening a compromised Microsoft Word document, as Votiro has discovered.

How it works

The potential vulnerability lies in the relatively new online video feature in Microsoft Word. This lets someone embed online videos and other Internet Explorer code into Word documents, which can then mine cryptocurrency when a user opens the document.

This is a boon for unscrupulous cryptojackers because Word is used much more widely than Internet Explorer and has a potentially much wider pool of victims.

It might also be much easier to trick people into Microsoft Word exploits than others. This is because the Microsoft Word documents themselves are perfectly real and legitimate, they might just happen to be hosting malicious code on them. This could make it much harder to spot than other malicious email attachments.

The same potential vulnerability can be used for attacks other than cryptojacking, including good old malware and trojan installation, or phishing attacks. Votiro gives examples of each attack type and what they look like.

What you can do about it

It might be a simple case of applying the same discretion to Microsoft Word documents as you would to anything else you get online or receive in an email. If you don't trust the source of an MS word document, it might be worth being hesitant.

Cryptojacking 101: What it is and how to spot it.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VEN, XLM, NANO, SALT, BTC

Get into cryptocurrency

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site