JavaMining

Written by:
Lucie Sadler
Date Posted:
15 May 2018
Category:
Security

Spreadsheet fans rejoice as Microsoft announce JavaScript add-in (but watch out)

Well, Microsoft has been talking about allowing custom formulas in Excel for years, but most of the buzz at ground level seemed to be in favour of Python. But they ignored that. So soon users will be able to use JavaScript in their spreadsheets instead.

New stuff
The new fancy things you’ll be able to do are: calculating maths operations (like whether a number is prime), draw information from the web (bank account balances etc), and to stream live data (stocks and shares). Sounds pretty useful, actually.

A special JavaScript interpreter will be used to compute the spreadsheet data instead of using Excel’s native engine, and it’ll appear in Excel’s default formula DB. The functions can run on Windows, macOS, and Excel Online.

Now, the JavaScript add-in is only available for Office Insiders at the moment but here’s a handy blog that shows you how it all works.

Cell mining
The new functionality has sparked security concerns though. It’s in the same vein as the cryptomining scam that we wrote about last week, where infected JavaScript code can be used to mine cryptocurrency without the user’s knowledge.

Turns out it works in Excel too. The infamous cryptocurrency mining script from CoinHive can be embedded in the MS spreadsheet and run in the background. So if it worked, it’d drain your CPU usage and might raise a few data security alarms.

Luckily, Excel add-ins rely on a browser process to run custom functions, so unless someone finds a way to insert the mining script without needing your auth, you’re safe. Just don’t get click happy, as after the function is loaded manually, it runs automatically whenever the file is opened on the same system.

Rating: 5.0. From 1 vote.
Please wait...

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of

Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.