Streamlining the tool for legitimate users could make it more effective for attackers.
As the company works on the new feature, analysts are already exploring what attackers could do with it if and when it hits the mainstream market. Within a day of the announcement this week, Dardaman published a proof of concept that showed how the new functionality could be programmed to run the CoinHive cryptomining program through an Excel document. Dardaman was even able to set things up so that the mining quietly relaunched each time a user opened the compromised Excel file.
'I believe the harm vastly outweighs the good.'
Security Researcher Mitch Edwards