Java mining scripts for Monero can be run inside Word documents. This became possible thanks to a new feature that appeared in the latest versions of Microsoft Office products. It allows you to add text to the video using the iframe insertion code. The file itself does not become harder, because the view is done online. This is reporte by Block Tribune.
The problem was noticed by a researcher from the Israeli company Votiro Amit Dori. He writes that the video player is actually a disguised Internet Explorer browser that operates in an offline mode. In addition, Word allows you to insert links to any site on the Internet, even if it is not in the white list.
You can protect yourself by maintaining an up-to-date machine with all security patches and updates installed. Furthermore, if you spot a serious CPU rise while watching an online video in Word, be aware it might be an in-browser miner and close the video frame.
Security researcher, Votiro
The scammer can place the video in his own domain, adding to it a Java-script for mining. It is worth the user to click on the playback, as the crypto miner starts to mine Monero, parasitizing on the power of its processor.