Malware invades through PowerPoint files without a macro

You have probably heard the warnings about Office macros many times. A macro is a series of commands used to automate a repetitive task, and attackers often abuse macros to compromise computers through Office files, especially Word documents. Recently, however, researchers discovered a form of attack that does not require the user to turn on macros at all. Instead, the malware executes on the system through a PowerShell command embedded in a PowerPoint file (PPT).

The PowerShell code inside the document is triggered as soon as the victim moves the mouse over a link, and it downloads the payload onto the computer without the link being clicked. Researchers at the security company SentinelOne discovered that a hacker group is using this malicious PowerPoint file to spread Zusy, a trojan also known as Tiny Banker.

Discovered in 2012, Zusy is a banking trojan that targets financial websites. It can capture network traffic and perform Man-in-the-Browser attacks that add forms to legitimate web pages, asking victims to share important data such as card numbers, TANs and authentication codes.

"A variant of malware called Zusy has been found as a PowerPoint file attached to spam emails with titles like 'Purchase Order # 130527' (Orders) and 'Confirmation'. Users must turn on macros to execute," researchers at SentinelOne Labs said.

[Figure: The Office warning shown before the file is opened]

The PowerPoint file arrives attached to emails with such titles. When opened, it displays the text "Loading... Please Wait" in the form of a hyperlink. When the user hovers over it, PowerPoint automatically tries to run the PowerShell script. However, the Protected View security feature, which is enabled by default in most Office versions, including Office 2013 and 2010, displays a warning first. If the user ignores this warning and allows the content to run, the malicious code connects to the cccn.nl domain and downloads an executable file, and the new variant of the Zusy banking trojan is installed.

Security researcher Ruben Daniel Dodge also analyzed this new attack and confirmed that it does not depend on macros, JavaScript or VBA to execute. "It is done through the definition of a mouse drag. This operation is set to execute the program in PowerPoint when the user moves the mouse over the text. 'RlD2' is defined as a hyperlink and an object and a PowerShell command," Dodge said.

The company also said the attack will not happen if the file is opened with PowerPoint Viewer because it refuses to execute the program. However, this technique can still be effective in some cases.
