Posted on June 5, 2017 at 9:45 AM
Hovering Over A Link Might Start The Download Of Malicious PowerPoint File
As if the recent ransomware and malware attacks weren’t bad enough, it would seem that cybercriminals have now discovered an even easier way to infect our devices with malicious software. The antivirus and antimalware companies are doing their best to keep everyone safe by creating updates constantly, but online criminals somehow manage to stay one step ahead at all times.
The newest targets of these hackers include pretty much anyone and everyone who has the ability to open a PowerPoint file. The victims of this new type of attack don’t even have to click on the file, nor allow it special permissions or privileges. This makes the new attack even scarier and more troublesome than any before.
To be more specific, researchers have come across a PowerPoint file that can trigger an automatic malware download. The download starts as soon as the user’s pointer hovers over the link. You don’t even need to actually click on it anymore. This is a very problematic method since people have a habit of allowing their mouse cursor to wander around while they’re looking at documents.
Also, PowerPoint files often contain links that lead to other domains. The additional trouble is that the malware doesn’t even ask users to enable macros, nor will you get any sort of warning before the infection. Security experts obtained a sample of this file via email. The email itself mentioned some kind of order that was placed by the victim, which would make many people curious about what it’s all about.
Even those familiar with viruses and malware that come via email wouldn’t expect an attack from a PowerPoint file, and so many would open it without a second thought. Although PowerPoint files were once malware-free, it would seem that that’s no longer the case. The entire file only has one slide, and it says “Loading… Please Wait”. While the users are waiting, expecting that the file will load, they might hover over the message displayed on their screen. If they do, the malware gets automatically downloaded.
The malicious code in the file will launch PowerShell, and the payload download code will run. However, it’s still unknown which type of malware is being downloaded by this method.
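Added example, not from the original article or the researchers: a defender-side check that lists the mouse-over hyperlink actions stored in a .pptx so that hover-triggered program launches can be flagged before the file is opened. It assumes the hover behaviour is stored as the OOXML `a:hlinkMouseOver` element (the article does not name the mechanism) and inspects slide parts only; the sample deck and its target name are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for bulk untrusted input, a hardened parser is preferable

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def find_hover_actions(pptx_bytes):
    """Return (slide, action, target, target_mode) for every mouse-over hyperlink."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        names = set(z.namelist())
        for name in sorted(names):
            if not (name.startswith("ppt/slides/slide") and name.endswith(".xml")):
                continue
            # Relationship ids used in a slide are resolved in its own .rels part.
            rels = {}
            rels_name = "ppt/slides/_rels/" + name.rsplit("/", 1)[1] + ".rels"
            if rels_name in names:
                for rel in ET.fromstring(z.read(rels_name)).iter(f"{{{REL_NS}}}Relationship"):
                    rels[rel.get("Id")] = (rel.get("Target", ""), rel.get("TargetMode", "Internal"))
            for el in ET.fromstring(z.read(name)).iter(f"{{{A_NS}}}hlinkMouseOver"):
                target, mode = rels.get(el.get(f"{{{R_NS}}}id"), ("", ""))
                findings.append((name, el.get("action", ""), target, mode))
    return findings

def is_suspicious(finding):
    """Flag hover actions that run a program or point outside the package."""
    _, action, _, mode = finding
    return action.startswith("ppaction://program") or mode == "External"

def build_sample():
    """Constructed test deck: one slide with a hover action and a placeholder target."""
    slide = (f'<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A_NS}" xmlns:r="{R_NS}"><a:rPr>'
             f'<a:hlinkMouseOver r:id="rId2" action="ppaction://program"/></a:rPr></p:sld>')
    rels = (f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId2" '
            f'Type="{R_NS}/hyperlink" Target="example-placeholder.exe" TargetMode="External"/>'
            f'</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for f in find_hover_actions(build_sample()):
        print("SUSPICIOUS" if is_suspicious(f) else "ok", f)
```

To check a real attachment, pass the file's bytes to `find_hover_actions` from a mail-gateway or triage script; reading the archive this way never renders the slide.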
The good thing is that the Microsoft Office installation package has a certain tool that might help with stopping this kind of attack. All you need to do is enable the Protected View feature, and the malware won’t be downloaded on your device.
All Windows users should enable this feature as soon as possible. The warning message that will appear might not be enough to stop some of the users from getting the malware, but that’s only if they choose to ignore it. Most people don’t, however, and they will be protected.
The point of such attacks is to infect as many devices as possible, and this is one of the biggest problems that the online community is facing these days. So far, there’s no way of stopping cybercriminals from infecting users’ devices, and the best that anyone can do is help spread the word about the threat.