This Microsoft Office Exploit Will Make You Rethink Everything You Know About Web Security


Microsoft's office software suite could be misused to launch phishing attacks capable of fooling even the most skilled Internet users, researchers found.

Bitdefender analysts recently discovered that homograph attacks (those that abuse look-alike characters to deceive, e.g. "Micr0soft" with a zero in place of the "o") become much more powerful when they are built on internationalized domain names (IDNs) and aimed at non-browser applications.

After testing how a number of applications handle an IDN homograph attack, the researchers found that all Microsoft Office applications were vulnerable. This includes all the productivity powerhouses: Outlook, Word, Excel, OneNote and PowerPoint.

No patch in sight

In short, a malicious actor can make Outlook display a link that appears perfectly legitimate; the user would not be able to tell the difference until the link was opened in a browser, which typically reveals a look-alike host by rendering it in its ASCII Punycode (xn--) form. In some cases, simply opening the link would be enough to trigger a malware download.

The company reported the problem to Microsoft in October last year, and while the Redmond-based software giant has acknowledged the threat is real, it has yet to release a patch.

The good news, according to Bitdefender, is that such an attack is not easy to mount and is therefore unlikely to be used on a large scale. Still, the exploit could be an extremely powerful weapon for targeted attacks, such as state-sponsored threat actors going after specific high-value companies for their passwords and other sensitive data.

The problem with homograph attacks is that they abuse the internationalization of the web. In the early days of the Internet, domain names were limited to the basic Latin alphabet (26 letters, plus digits and hyphens). Since then, internationalized domain names have opened the DNS to many more scripts, including, for example, Cyrillic (used in Russia and much of Eastern Europe). This has given threat actors a wide playing field: by mixing characters from different scripts, they can register phishing sites whose domain names look identical to the legitimate ones on screen while resolving to entirely different hosts.
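To make the mechanism concrete, here is an added example (not code from the article or from Bitdefender) that shows what a mail client or link scanner could do with a link before rendering it: convert the host to the Punycode form DNS actually resolves, and flag labels that mix scripts or that consist entirely of Cyrillic look-alikes of an ASCII name. The sample URLs and the small confusables table are constructed for this example; the table is a partial subset of the Unicode confusables data, not the full list.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample links, not taken from the article.  The look-alikes use
# Cyrillic letters that render identically to Latin ones in most fonts.
SAMPLE_URLS = [
    "https://apple.com/login",                      # plain ASCII
    "https://\u0430pple.com/login",                 # Cyrillic а + Latin pple
    "https://\u0430\u0440\u0440\u04cf\u0435.com/",  # Cyrillic а р р ӏ е
    "https://\u043f\u043e\u0447\u0442\u0430.com/",  # Cyrillic почта (ordinary IDN)
]

# Partial table of Cyrillic letters confusable with ASCII letters.  This is an
# assumption for the example; Unicode TR39 publishes the complete data.
CONFUSABLE_TO_ASCII = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l",
    "\u0456": "i", "\u0458": "j", "\u04bb": "h", "\u0501": "d",
    "\u051b": "q", "\u0461": "w",
}


def punycode_host(url: str) -> str:
    """ASCII (xn--) form of the URL's host: the name DNS resolves, and the
    form a client should show when the Unicode form is suspicious."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii")


def scripts_in(label: str) -> set:
    """Scripts used by the letters of one DNS label, taken from the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(host: str) -> str:
    """Replace every confusable letter by its ASCII look-alike."""
    return "".join(CONFUSABLE_TO_ASCII.get(ch, ch) for ch in host)


def classify(url: str) -> str:
    """Verdict for a link target:
       'ascii'        - no IDN involved
       'mixed-script' - some label mixes scripts (e.g. Cyrillic + Latin)
       'confusable:X' - every letter maps to ASCII, impersonating host X
       'idn'          - internationalized, but not a look-alike of an ASCII name
    """
    host = urlsplit(url).hostname or ""
    if host.isascii():
        return "ascii"
    for label in host.split("."):
        if len(scripts_in(label)) > 1:
            return "mixed-script"
    ascii_twin = skeleton(host)
    if ascii_twin.isascii() and ascii_twin != host:
        return f"confusable:{ascii_twin}"
    return "idn"


def report(urls):
    """Rows of (url, punycode host, verdict), one per URL."""
    return [(u, punycode_host(u), classify(u)) for u in urls]


if __name__ == "__main__":
    for url, puny, verdict in report(SAMPLE_URLS):
        print(f"{verdict:24} {puny:24} {url}")
```

The first look-alike is caught by the mixed-script rule alone, which is cheap and needs no confusables data; the second is a whole-script confusable, which only the skeleton comparison catches, and which is why browsers keep a confusables list rather than relying on script mixing. The fourth URL shows the check must not simply reject every non-ASCII host, since ordinary Cyrillic domains are legitimate.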