But we saw it coming:
Security researcher Charles Dardaman leveraged this feature to show how easy it is to embed the infamous in-browser cryptocurrency mining script from CoinHive inside an MS Excel spreadsheet and run it in the background when opened.
“In order to run Coinhive in Excel, I followed Microsoft’s official documentation and just added my own function,” Dardaman said.
Microsoft will soon roll this feature out to a broader audience.
- Microsoft Releases Patch Updates for 53 Vulnerabilities In Its Software
- 17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
- Email Phishers Using New Way to Bypass Microsoft Office 365 Protections
- Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features
- CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites