A Microsoft Word function allowing you to insert video into documents became a loophole for hackers. It was possible to build-in a script for Monero mining into a document together the EMBED-code. Since the source of the video was not anyhow checked the miner was started through Internet Explorer at the same time as a video was watched. The vulnerability was discovered by IS-specialists of the Israeli company Votiro.
This method of hidden mining is most likely not beneficial. First, the attacker needs to send the infected document to the victim, which should open it and include the video directly in the document. In addition, the miner will work only while the user is watching the video. Votiro reports that hackers had to load the CPU up to 90 percent to get a minimum profit.
A method based on sending a malicious file was recently used by hackers who distributed a miner via Facebook Messenger. Also Kaspersky Labs reports that a recent vulnerability in the Telegram application for Windows could be used to infect computers, with the help of which cybercriminals masked scripts for normal images. Such attacks are not beneficial for mining, since they are designed for a reckless user who will open an unknown file.
However, substantial money could be earned by hackers who were able to integrate the hidden miner into YouTube advertising. Considering the multimillion audience of the service, it was enough to expose the miner to a small capacity and receive the cryptocurrency, remaining unnoticed. Although the service reported the elimination of the problem within a few hours, users complained about the miner a few more days.