Microsoft PowerPoint users should beware of hackers who are now using presentation files to spread malware.
The hackers reportedly use seemingly harmless PowerPoint or “.PPT” files to launch a malicious PowerShell script, which in turn delivers malware to its targets.
Microsoft PowerPoint Hackers Use it to Spread Malware
As per the latest news story by Bleeping Computer, it appears that hackers allegedly working for Russia are using Microsoft PowerPoint presentations to carry out a cyberattack.
The online news outlet notes that the threat actors are using the mouse movement on PowerPoint presentations to start spreading malware.
The hackers specifically trigger a PowerShell script by simply relying on the movement of the cursor. And as such, Bleeping Computer notes that the attackers do not need to use any malicious macro to start the attack. So this new method seems to be more discreet than using a macro to spread nasty malware.
How Hackers Are Using PowerPoint Files in Cyberattacks
According to a report by the cybersecurity intelligence firm, Cluster25, a fake PowerPoint presentation is being used to execute a malicious PowerShell script.
The report notes that the attack triggers when the target enters full-screen presentation mode. As the cursor moves, the PowerShell script starts downloading a JPEG file. At first glance, the file, DSC00002.jpeg, might seem completely harmless. But the hackers hid a DLL file in the JPEG that lets them install malware.
Then from there, the payload installs a Portable Executable or PE file, which comes with malware.
Lure PowerPoint File
Bleeping Computer adds in the same report that the hackers are using a PowerPoint file that includes two slides. Both of them teach their viewers how to use the Interpretation feature on Zoom.
The lure document used in the campaign looks like a typical professional presentation with bulleted text. But it isn’t what it seems to be.
Besides all these seemingly harmless instructions on using the Interpretation option, it includes a nasty hyperlink beneath it. And once it gets triggered by the movement of the mouse, it starts carrying out the attack.
Cluster25 notes that this new malware campaign began luring targets in August and continued in September. But it looks like the attackers were working on it as early as January and February, the intelligence firm highlights.
The research further discloses that the usual targets of these lure PPT files are the government and defense departments of various countries in the European Union, as well as Eastern Europe.
Written by Teejay Boris