The Malware Gets Activated on Hovering over a Link in Microsoft PowerPoint

Technology > Security

Spammers are experimenting a new method to hoax victims to install malware which downloads while user floats over a link in a side show of PowerPoint.

The fresh infection way adds to the usual advice of not clicking links distrustful sources and develops a threat of malware of the Office macro which emerged again in 2015 and hoax recipients of email in running a malicious script or a macro which downloads and puts in malware.

Bleeping computer recently identified the new change on Office malware which does not need macros but actually misuses a hover action in PowerPoint slide show mode to put in malware. If the receiver opens the file of PowerPoint and floats on the hyperlinked text of a document, it will run a command of PowerShell connecting to a mischievous domain downloading files containing malware. Researchers of Trend Micro have identified an activated Trojan horse at the time when users float their mouse over images and links in documents of PowerPoint in Microsoft.

Hackers spread the files of PowerPoint by using normal spamming methods, sending emails which look genuine to innocent users, targeting industries including "device fabrication, education, manufacturing, logistics and pyrotechnics." posted on June 12th, 2017, stating "Users have to open the PowerPoint files to become victimized of the malware though they don't have to do anything besides hovering over the links to activate it."

Trend Micro suggests to use Protected View of Power Point to avoid infection, "which Microsoft enables by default, especially to documents downloaded from probably unsafe locations." PowerPoint will issue a warning about the malicious code on enabling the Protected View.

Trend Micro says: "Protected View provides a method for users to read the text of an unknown or suspicious file which considerably reduces the chances of being infected. Also the delivery method is new but the malware in the PowerPoint scam has been in existence since at least 2012. The malware was used in France in 2015 which was hidden in messages which looked to be from the ministry of justice. 

The security company also observed that the PowerPoint email campaign has not been large till now and it only reported in the Middle East and Europe and it could be a rehearsal for other campaigns in future.

» SPAMfighter News - 15-06-2017

Photo by: EsaRiutta / Pixabay