Microsoft Word Has Mining Vulnerability, Votiro Says

According to researhers, vulnerability is caused by the new feature of Microsoft Word
22 February 2018   864

Java mining scripts for Monero can be run inside Word documents. This became possible thanks to a new feature that appeared in the latest versions of Microsoft Office products. It allows you to add text to the video using the iframe insertion code. The file itself does not become harder, because the view is done online. This is reporte by Block Tribune.

The problem was noticed by a researcher from the Israeli company Votiro Amit Dori. He writes that the video player is actually a disguised Internet Explorer browser that operates in an offline mode. In addition, Word allows you to insert links to any site on the Internet, even if it is not in the white list.

You can protect yourself by maintaining an up-to-date machine with all security patches and updates installed. Furthermore, if you spot a serious CPU rise while watching an online video in Word, be aware it might be an in-browser miner and close the video frame.
 

Amit Dori

Security researcher, Votiro

The scammer can place the video in his own domain, adding to it a Java-script for mining. It is worth the user to click on the playback, as the crypto miner starts to mine Monero, parasitizing on the power of its processor.

Chinese Hackers Hiddenly Mined $2M

Hackers built hidden miner into plug-ins for the Internet browser - for example, to improve the speed of the Internet
10 July 2018   241

Chinese hackers were able to mine hiddenly $2M worth  cryptocurrency in 2 years. 1M devices were infected. This is reported by CoinDesk.

According to one local media, police in the Chinese city of Dalian arrested 20 employees of a computer firm who are suspected of illegally taking control of a large number of computers for illegal crypto-mining.

Hackers created a malicious program and built it into plug-ins for the Internet browser - for example, to improve the speed of the Internet - and promoted it through advertising, which was shown to 5 million users.

After the user clicked on such an advertisement and installed the plugin, his computer became infected. As a result, according to the police, malware was downloaded to more than 1 million computers, which for 2 years mined 26 million tokens of Digibyte, Decred and Siacoin.

In addition, hackers created a network of more than 100 agents to promote their illegal mining network-for example, through working relationships in the internet cafes.