Hackers are targeting users of Microsoft Powerpoint to launch their latest malware campaign.
As is typical, unsuspecting users are sent an email attachment, which on this occasion is disguised as a Powerpoint presentation.
When the user opens the file, an innocuous looking message says, “Loading … Please Wait,”.
The problem is that this new malware, dubbed ‘Zusy’ includes a hyperlink that will infect the computer. What’s scary is that you only have to hover over the link to become infected – NO click is required.
This is certainly a new way of attacking unsuspecting users and has so far been largely unsuccessful. Microsoft Office warns users about the risk and security tools such as Malwarebytes protects users from these types of attack.
Microsoft Office 2013 and Office 2010 include a feature called Protected View that, when enabled, will produce a warning when attempting to open an infected file.
The warning reads: “Microsoft Office has identified a potential security concern.” Users can then choose to close the file before being exposed to the malware according to TheatrePost.
To enable Protected View in PowerPoint, start the application and click the File menu, then choose Options.
From inside options, click Trust Centre and open Trust Centre Options. An option for Protected View should appear, and a checkbox will show if it is enabled or disabled. Make sure the checkbox is selected and click OK.
Users should still be vigilant however. It is understood that the attack is commonly spread via emails with subject lines such as “Purchase Order #” or “Confirmation.” These messages then have a file attached with names like “order.ppsx,” “invoice.ppsx” or “order&prsn.ppsx.”
If the attack is successful, Zusy is capable of stealing users’ personal data and information.
Via: Sentinel One Labs