Zero-Day vulnerability in Internet Explorer could be used to steal cryptocurrency

A few days ago, a new Internet Explorer zero-day vulnerability was reported which, if exploited, lets an attacker read files from the victim's machine. Now, cybersecurity specialists from the International Institute of Cyber Security (IICS) report that malicious hackers could use the same flaw to steal the wallet files or keys that control cryptocurrency holdings stored on the exposed device.

In the vulnerability report, published last Tuesday, specialists described how the flaw, an XML external entity (XXE) attack, is exploited. In an XXE attack the XML parser is made to resolve an entity whose SYSTEM identifier names a local file, so that file's contents end up inside the parsed document, where attacker-controlled script can read them. According to cybersecurity experts, the attack only requires the victim to open a specially crafted .MHT file (an MHTML web archive); JavaScript embedded in the archive then drives the parsing and extracts sensitive information from the affected machine.
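To make the mechanism concrete, the following is an added example written for this article, not code from the report or from Internet Explorer; it uses Python's standard-library `xml.sax` parser as a stand-in for IE's XML parser. The document declares an external entity whose SYSTEM identifier is a local file path; a parser configured to resolve external general entities copies that file into the parsed text, while the hardened setting (Python's default since 3.7.1) skips it. The `wallet-seed.txt` file and its content are constructed for the demo.

```python
"""XML external entity (XXE) resolution demonstrated with Python's xml.sax.

Added example, not code from the original article or from the IE report it
describes. The stdlib parser stands in for the browser's parser: the XML
declares an external entity whose SYSTEM identifier is a local file path,
and a parser willing to resolve external general entities copies that
file's content into the document. The "secret" file is constructed here.
"""
import os
import tempfile
import xml.sax
from io import BytesIO
from xml.sax.handler import ContentHandler, feature_external_ges
from xml.sax.xmlreader import InputSource


class TextCollector(ContentHandler):
    """Collects character data, i.e. what an attacker's script would read back."""

    def __init__(self):
        super().__init__()
        self.text = []

    def characters(self, content):
        self.text.append(content)


def build_xxe_document(path):
    """Return an XML document whose entity 'leak' points at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE data [\n'
        f'  <!ENTITY leak SYSTEM "{path}">\n'
        ']>\n'
        '<data>&leak;</data>\n'
    )


def parse_document(xml_text, resolve_external_entities):
    """Parse xml_text and return its character data.

    resolve_external_entities=True is the vulnerable configuration: the
    parser fetches whatever the SYSTEM identifier names. False (Python's
    default since 3.7.1) skips the entity and is the hardened configuration.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    source = InputSource()
    source.setByteStream(BytesIO(xml_text.encode("utf-8")))
    parser.parse(source)
    return "".join(handler.text)


def demo():
    """Write a constructed 'secret' file, then parse the same XXE document
    with both parser settings. Returns (leaked_text, hardened_text)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a wallet file; not a real seed phrase.
        secret_path = os.path.join(tmp, "wallet-seed.txt")
        with open(secret_path, "w", encoding="utf-8") as f:
            f.write("abandon ability able about above absent")
        doc = build_xxe_document(secret_path)
        leaked = parse_document(doc, resolve_external_entities=True)
        hardened = parse_document(doc, resolve_external_entities=False)
    return leaked, hardened


if __name__ == "__main__":
    leaked, hardened = demo()
    print("vulnerable parser read:", repr(leaked))
    print("hardened parser read:  ", repr(hardened))
```

The vulnerable run returns the file's content verbatim; the hardened run returns an empty string because the external entity is never fetched. The same split applies to any XML parser: the defence is to refuse external entity resolution, not to inspect the document's content.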

Because Windows opens .MHT files with Internet Explorer by default, and virtually every Windows device released in the last ten years ships with that browser preinstalled, the scope of this vulnerability is considerably larger than that of most browser flaws; the victim does not even need to use Internet Explorer for day-to-day browsing. Microsoft did not announce an immediate fix, saying only that the flaw might be addressed in a future update.

The risk for the cryptocurrency community is that many virtual currency holders keep wallet files or keys on their PC. If such a machine runs Windows with Internet Explorer still installed and its user opens a malicious MHT file, those files can be read by any threat actor, the cybersecurity experts noted; which browser is set as the default does not matter, because .MHT files are handed to Internet Explorer regardless.

As if that were not enough, cybersecurity researchers claim that the vulnerability could be exploited with a far more advanced method, and that the attack could even be extended to Edge, Microsoft's newer browser. This variant would be much more aggressive, allowing attackers to extract virtually any local file using a simple MHT file.

As a security measure, users are encouraged to disable or uninstall Internet Explorer, at least until Microsoft releases the corresponding patch. Where removing the browser is not practical, the exposure can be reduced by changing the default program for the .mht and .mhtml extensions to something other than Internet Explorer, and by treating MHTML files from untrusted sources as hostile: opening one is all that is needed to trigger the attack.
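For defenders who receive MHT files by mail or find them on a disk image, the following is an added triage check written for this article, not code from the article or from the IE report. An MHT file is a MIME multipart web archive, so the scanner walks its parts with Python's `email` package, undoes each part's transfer encoding, and looks for the two ingredients the article names: an XML external entity declaration (`<!ENTITY ... SYSTEM ...>`) and embedded script. The indicator patterns are heuristics and an assumption of this example, not a signature of the real payload, whose details the article does not give; both archives below are constructed for the demo.

```python
"""Triage check for .MHT / .MHTML files: flag XXE indicators before opening.

Added example for this article, not code from the article or from the IE
report it describes. The scanner walks the MIME parts of the archive,
undoes the transfer encoding of each part and applies heuristic patterns
for an external entity declaration and for script. Both sample archives
are constructed for the demo.
"""
import re
from email import message_from_string

# Heuristic indicators (assumptions of this example, not the payload's signature).
INDICATORS = {
    "external_entity": re.compile(r"<!ENTITY\s+\S+\s+(?:SYSTEM|PUBLIC)\b", re.I),
    "doctype_with_subset": re.compile(r"<!DOCTYPE[^>]*\[", re.I),
    "script": re.compile(r"<script\b", re.I),
}


def scan_text(text):
    """Apply the indicators to raw text; return the sorted names that matched."""
    return sorted(name for name, pat in INDICATORS.items() if pat.search(text))


def scan_mht(mht_text):
    """Decode every leaf part of an MHT archive, then apply the indicators.

    Decoding matters: a quoted-printable soft line break ("=" at the end of
    a line) can split a keyword across lines, so grepping the raw file
    misses it while the browser, which decodes the part first, does not.
    """
    msg = message_from_string(mht_text)
    found = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)  # undoes quoted-printable / base64
        if payload is None:
            continue
        charset = part.get_content_charset() or "utf-8"
        found.update(scan_text(payload.decode(charset, errors="replace")))
    return sorted(found)


# Constructed sample: an ordinary saved web page.
BENIGN_MHT = """\
Subject: Quarterly report
MIME-Version: 1.0
Content-Type: multipart/related; type="text/html"; boundary="----=_Part_0"

------=_Part_0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://example.invalid/report.html

<html><body><h1>Quarterly report</h1><p>Nothing active here.</p></body></html>
------=_Part_0--
"""

# Constructed sample: script carrying an XML document whose external entity
# points at a local file. The "=" ending the "SYS=" line is a quoted-printable
# soft break, so the keyword SYSTEM only exists after decoding.
SUSPICIOUS_MHT = """\
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/related; type="text/html"; boundary="----=_Part_0"

------=_Part_0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://example.invalid/invoice.html

<html><body><p>Loading invoice...</p>
<script>
var xml =3D '<?xml version=3D"1.0"?><!DOCTYPE d [<!ENTITY leak SYS=
TEM "file:///C:/Users/victim/wallet.dat">]><d>&leak;</d>';
</script>
</body></html>
------=_Part_0--
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_MHT), ("suspicious", SUSPICIOUS_MHT)):
        print(f"{label}: raw grep {scan_text(sample)}, decoded parts {scan_mht(sample)}")
```

Run against the suspicious archive, a raw grep reports only the DOCTYPE and the script tag, while the decoded scan also reports the external entity declaration; that difference is why any MHT check has to operate on decoded parts rather than on the file as stored.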