PoC exploit to deploy Malware using Youtube and Microsoft Office.

Cleaver hackers always finding a loop hole. There is a new PoC exploit utilizing Microsoft Words embedded video feature and YouTube thumbnail videos. The hackers go about placing a HTML script behind the image of the video. When the user clicks the video the HTML code is executed by Internet Explorer. Presto you have been injected with malware or ransomware. Be careful about those shady incoming email’s with attachments and especially those that end in .xml prefix.

 

Leave a Comment