Researchers have discovered a new way to deliver malware by embedding video into a Microsoft word document
Researchers have discovered a new way to deliver malware by embedding video into a Microsoft word document. The new attacking method was discovered by Researchers at Cymulate and said that attackers could use this for phishing and other malicious purposes. “Attackers could use this for malicious purposes such as phishing, as the document will show the embedded online video with a link to YouTube, while disguising a hidden html/javascript code that will be running in the background and could potentially lead to further code execution scenarios.” The attacking methods work by inserting a video file into the Microsoft Word Document, editing the XML file named document.xml. It is replaced with a crafted payload which opens the download manager for Internet Explorer and executes the malicious code.
Workflow of the attack:
- Create a word document
- Embed an online video or youtube video by clicking insert option in the tab.
Source: Cymulate[/caption] - Save the word document.
- You need to unpack the word document. It can be done by using an unpacker or zip docx extension and unzip it.
Source: Cymulate[/caption] - In the next step, you need to Edit the document.xml file under word folder.
- Inside the .xml file check for embeddedHtml parameter (under WebVideoPr) and you will find the Youtube iframe code and replace it with any HTML code/javascript to be rendered by Internet Explorer.
Source: Cymulate[/caption] - After changing it save the file and update the docx package with the modified xml and open the document.
You may be interested in reading:Building an Effective Cybersecurity Culture Program