The IT security company Bitdefender is currently warning of a malware campaign in which fraudsters are trying to mine cryptocurrencies via a network of hacked PCs. The troubling part is where the security gap lies: it is in OneDrive, but Microsoft is not taking action.
Bitdefender had already discovered around 700 attacked Microsoft OneDrive instances in May of this year. A dynamic link library (DLL) sideloading vulnerability in Microsoft OneDrive is being exploited. The security company handled this discovery in the familiar manner: they contacted Microsoft, explained their findings and assumed that Microsoft would issue a security update and a warning. But none of that has happened so far.
“Microsoft does not interpret sideloading via a dynamic link library as a security vulnerability,” Bitdefender now writes in the vulnerability disclosure, explaining what is behind the discovery and Microsoft’s response.
First of all, there is an active wave of attacks via the DLL vulnerability in OneDrive. Germany is among the more severely affected countries. The sideloading vulnerability is currently being used to perform crypto mining using the hacked resources. Victims of the hack notice losses in the performance of the systems. However, the vulnerability is also suitable for ransomware attacks or for infection with spyware.
Take Precautionary Measures
Microsoft currently sees no need for action. Cybercriminals exploit a regular feature of the database, so a software update would not be effective. Instead, Microsoft suggests precautionary measures. Users can install Microsoft OneDrive either “per user” or “per machine”. The default is the installation “per user”. In this configuration, users without special privileges can write to the folder in which OneDrive is located.
Attackers can place malware here, or modify or completely overwrite executable files. Microsoft therefore recommends installing OneDrive “per machine”. Instructions on how to do this can be found at https://learn.microsoft.com/en-us/onedrive/per-machine-installation, explains Bitdefender. However, the “per machine” installation is not suitable for everyone. Bitdefender therefore warns OneDrive users to be very careful: “Both the virus protection and the operating system used must always be updated.”
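To see which of the two situations described above a machine is in, a defender can inspect the ACL of the OneDrive install folder. The PowerShell below is an added example, not code from the article, Bitdefender or Microsoft; the three folder paths are assumed default install locations, and the function name `Get-UntrustedWriter` is hypothetical.

```powershell
# Added example. The paths are assumed default install locations,
# not values from the article; adjust them for your environment.
$candidates = @(
    "$env:LOCALAPPDATA\Microsoft\OneDrive",          # assumed per-user location
    "$env:ProgramFiles\Microsoft OneDrive",          # assumed per-machine location
    "${env:ProgramFiles(x86)}\Microsoft OneDrive"    # assumed per-machine location
)

# Principals expected to hold write access to a protected install folder:
# SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller.
$trustedSids = @(
    'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow planting or replacing a DLL or executable.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericBits = 0x50000000   # GENERIC_WRITE (0x40000000) | GENERIC_ALL (0x10000000)

# Hypothetical helper: returns every Allow rule that grants write-type
# access on $Path to a principal outside the trusted list.
function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$rule.FileSystemRights
        if (-not ($rights -band ($writeBits -bor $genericBits))) { continue }
        $sid = $rule.IdentityReference.Value
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{ Path = $Path; Sid = $sid; Rights = $rule.FileSystemRights }
    }
}

foreach ($dir in $candidates) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    $writers = @(Get-UntrustedWriter -Path $dir)
    if ($writers.Count -gt 0) {
        Write-Warning "$dir is writable by non-administrative principals"
        $writers | Format-Table -AutoSize
    } else {
        Write-Output "$dir : no write access for non-administrative principals"
    }
}
```

A warning for the per-user folder is the expected result on a default installation; after a per-machine installation, the remaining folder should report no untrusted writers.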