Malicious PowerPoint File Downloads Malware Once Victims Hover Over a Link

Cybercriminals prefer to use Microsoft Office macros to infect computers with all kinds of malicious software. However, it appears a new type of malware infection tool is making the rounds. Researchers came across a PowerPoint file which downloads malware as soon as users hover over a link. That is a very troublesome development, to say the least. Moreover, it appears this PowerPoint file removes the need to use major scripts altogether.

Infecting Computers With Malware Becomes a lot Easier

The last thing our society needed is an easier way for cybercriminals to infect computers with who-knows-what types of malicious software. Unfortunately, it appears these criminals remain several steps ahead of security researchers and software vendors. They are now targeting anyone who can open Microsoft PowerPoint files on their computer. The fact victims don’t even have to click a link or enable special privileges makes this development even more troublesome than before.

More specifically, researchers came across a PowerPoint file which automatically downloads malware onto a computer as soon as the user hovers over a link in the document. The reason why this is so troubling is because people often let their mouse cursor wander while looking through any document. Additionally, it is not uncommon to see PowerPoint files with hyperlinks in them either. Plus, users do not need to enable macro privileges, nor will they see a major pop up on the screen to warn them about any dangers.

The file obtained by security experts is a PowerPoint presentation which is delivered in the form of an email attachment. The email in question mentions some kind of order the victim has allegedly placed. Since the file itself is named “invoke” or “order”, very few people would even consider it to be a harmful file. After all, it is not a Word or Excel file, as most people know by now these are the file extensions which cause most malware infections to date. PowerPoint files have been malware-free so far, albeit that has now come to change.

What is rather remarkable is how the PowerPoint file only consists one slide. Users will see a “Loading… Please Wait” message on the screen, which they can hover over. Once they do so, the malware payload will be downloaded onto the computer. The file executes malicious code which launches a PowerShell and runs the payload download code. it is unclear which type of malware is being distributed at this time, though.

Luckily, it appears the Microsoft Office installation package offers a tool to prevent these attacks. Users who enabled the Protected View feature will not have malware downloaded onto their computer. It is of the utmost importance for users to turn this feature on as soon as possible. It is still possible for them to ignore the warning message on the screen, though, yet it will keep most people from purposefully downloading a malicious software package.

Once again, cybercriminals are trying to infect as many computers as possible by leveraging Microsoft Office software. This is becoming quite problematic these days, as it does not appear there is any way to prevent them from doing so. All we can do is spread the word about this new threat, in the hopes of preventing people from having to deal with malware attacks.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.