In another security hack that is making the rounds, Microsoft’s PowerPoint is the target.
“Spammers are testing a new way to trick victims into installing malware that downloads after the user hovers over a link in a PowerPoint slide show,” ZDNet reports. The new infection, which was discovered by BleepingComputer, “abuses a hover action in PowerPoint slide show mode to install malware.” When a user opens the PowerPoint file and puts their cursor over the malicious hyperlink, a PowerShell command runs quietly in the background “that connects to a malicious domain and downloads malware files.”
Like other Office malware that uses macros to infect victims, the latest malware is spread via email attachments. The attached file formats are the open-source version of Microsoft PowerPoint slide show, which are only for viewing, and can’t be edited like normal files. The malware proceeds to download a banking trojan.
The PowerPoint (PPSX) examples seen so far display the hyperlinked text “Loading… Please wait”. Hovering over it will download malware automatically unless Office Protected View is enabled. Fortunately, Protected View was enabled by default in Office 2010, in which case Office displays a security warning that blocks the download.
The PowerPoint file downloads a banking trojan it calls Gootkit or Otlard. SentinalOne calls the malware Zusy.
I wonder how much I have stated this. “Do not open attachments, or click on hyperlinks in your email unless you are 100% certain of it’s origin and that you have requested it”. Most security threats (malware – trojan horses, ransomware etc.) are spread through email. Always use caution before clicking!