Zero-Day vulnerability in Internet Explorer is being used to steal cryptocurrency

A few days ago, a new Internet Explorer zero-day vulnerability was reported, which, if exploited, could allow an attacker to extract information from the compromised machines. Now, cybersecurity specialists from the International Institute of Cyber Security (IICS) report that malicious hackers could exploit this vulnerability to extract cryptocurrency stored on the exposed device.

In the vulnerability report, published last Tuesday, specialists described the process for exploiting the flaw, which is called an “XML external entity attack”. According to cybersecurity experts, the attack only requires the victim to open a specially crafted .MHT file, which will call a JavaScript function to extract sensitive information from the affected machine.

Internet Explorer is the only major browser that still supports Java and, because virtually all the devices released in the last ten years have this browser preinstalled, the scope of this vulnerability is considerably larger than that of others. The company did not announce an immediate fix; it only raised the possibility of addressing the flaw in some future update.

The risk for the cryptocurrency community is that many virtual currency holders store the information about their assets on their PCs. If these machines are connected to the Internet and use Internet Explorer as a default browser, any virtual asset could be available to any threat actor, the cybersecurity experts mentioned.

As if that were not enough, cybersecurity researchers claim that this vulnerability could be exploited with a much more advanced method, and that the attack could even be extended to Edge, the latest version of Microsoft’s web browser. This version of the attack would be much more aggressive, allowing attackers to extract virtually any local file using a simple MHT file.

As a security measure, users are encouraged to disable or uninstall Internet Explorer, at least until Microsoft decides to release the corresponding update. If uninstalling this browser is not a practical measure for you, you need to be careful with MHTML files, because interaction with one of them is the only thing necessary to trigger the attack.
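
An added example (not from the original report or from IICS) for triaging MHT files before anyone opens them: it parses the file as MIME, decodes each part, and flags parts that declare an external XML entity, the construct an XML external entity attack relies on. The sample file, its paths and the example.invalid URL are constructed for illustration.

```python
import base64
import re
from email import message_from_bytes

# <!ENTITY [%] name SYSTEM|PUBLIC ...> is an *external* entity declaration.
EXTERNAL_ENTITY = re.compile(
    rb"<!ENTITY\s+(?:%\s+)?[\w.\-]+\s+(?:SYSTEM|PUBLIC)\b", re.I)
DOCTYPE = re.compile(rb"<!DOCTYPE\b", re.I)

# Constructed sample: the XML part is base64-encoded, so a plain text
# search of the file on disk would not see the declaration.
_XML = (b'<?xml version="1.0"?>\n<!DOCTYPE r [\n'
        b'<!ENTITY % ext SYSTEM "http://example.invalid/x.dtd">\n]>\n<r/>')
SAMPLE_MHT = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Location: file:///constructed/index.htm\r\n\r\n"
    b"<html><body>constructed sample</body></html>\r\n"
    b"--b1\r\n"
    b"Content-Type: text/xml\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Location: file:///constructed/data.xml\r\n\r\n"
    + base64.encodebytes(_XML).replace(b"\n", b"\r\n")
    + b"--b1--\r\n"
)

def scan_mht(raw: bytes) -> list:
    """Return one finding per MIME part declaring an external XML entity."""
    findings = []
    for index, part in enumerate(message_from_bytes(raw).walk()):
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = part.get_payload(decode=True) or b""
        hits = EXTERNAL_ENTITY.findall(body)
        if hits:
            findings.append({
                "part": index,
                "content_type": part.get_content_type(),
                "location": part.get("Content-Location", ""),
                "doctype": bool(DOCTYPE.search(body)),
                "external_entities": len(hits),
            })
    return findings

if __name__ == "__main__":
    for finding in scan_mht(SAMPLE_MHT):
        print(finding)
```

A finding is a reason to quarantine the file for analysis rather than proof of malice. Parts encoded as UTF-16 are not matched by this byte-level pattern.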
