A few days ago, a new Internet Explorer zero-day vulnerability was reported, which, if exploited, could allow an attacker to extract information from the compromised machines. Now, cybersecurity specialists from the International Institute of Cyber Security (IICS) report that malicious hackers could exploit this vulnerability to extract cryptocurrency stored on the exposed device.
Internet Explorer is the only main browser that still supports Java and, because virtually all the devices released for the last ten years have this browser preinstalled, the scope of this vulnerability is considerably higher than others. The company did not announce an immediate correction, only the possibility of solving the flaw in some future update was raised.
The risks for the cryptocurrency community are that there are very virtual currency holders who store the information of their assets on their PC. If these machines are connected to the Internet and use Internet Explorer as a default browser, any virtual asset could be available to any threat actor, the experts in cybersecurity mentioned.
If not enough, cybersecurity researchers claim that this vulnerability could be exploited with a much more advanced method, even the attack could be extended to Edge, the latest version of Microsoft’s web browser. This version of attack would be much more aggressive, allowing attackers to extract virtually any local file using a simple MHT file.
As a security measure, users are encouraged to disable or uninstall Internet Explorer, at least until Microsoft decides to launch the corresponding update patch. If uninstalling this browser is not a functional measure for you, you only have to be careful with MHTML files, because the interaction with one of them is the only thing necessary to trigger the attack.