Hackers are frequently exploring newer methods to gain access to over a user’s device. It is relatively a common practice for hackers to infuse cryptocurrency mining programs through YouTube videos and advertisements, They, have also found a loophole in Microsoft Words ‘online video’ feature.
Ways by which MICROSOFT WORD IS being ABUSED BY HACKERS?
If required to add a small video Microsoft Word provides this feature of inserting with no code embedding required. This feature is provided in an attempt to keep the document size relatively small. Hackers have found a way to abuse this feature to their advantage. Israel-based cybersecurity firm Votiro further explained how it is misused, when a user attaches an online video, a webVideoPr element of type CT WebVideoPr, which supports embedded HTML code is loaded in the document. As security checks are very lenient much emphasis isn’t given to this loaded HTML code which poses massive security risks.
Once hackers have taken command of your devices and through games like best clash royale deck, it is now time they raise the bar and perform the next step. They send a word document with a malicious code which is delivered through spam. The key element that persuades the users to click on the video is the topic headline. It is so catchy that the user cannot resist and clicks on it disabling the ‘protected view’ Once this is done the user isn’t aware that, the IE frame would redirect them to the exploit-kit (a malicious toolkit used to exploit security holes found in software applications with the intention of spreading malware). If the exploit is successful, a malware program gets downloaded to the victim’s computer and executed gate, which would survey and further corrupt the device, if conditions are suitable for exploitation.
The program can also be installed on an updated Windows 10 device because the process defeats Windows Defender Exploit Guard as the exploitation is done as a separate process. The ‘online video’ feature also available in PowerPoint, But PowerPoint doesn’t permit injection of HTML code.