Malware invades through PowerPoint files without a macro
'Turn off macros, and always be careful about turning them on when opening Microsoft Office Word document files.' This warning is probably no longer useful.
You have probably heard that warning many times. A macro is a series of commands that can be used to automate a repeating task. Attackers often abuse macros to compromise computers through Office files, especially Word documents. Recently, however, a form of attack has been discovered that does not require users to turn on macros at all. Instead, the malware executes on the system through a PowerShell command embedded in a PowerPoint (PPT) file.
The PowerShell code inside the document is triggered as soon as the victim moves the mouse over a link, and it downloads the payload to the computer without the link being clicked. Researchers at the security company SentinelOne discovered that a hacker group is using this malicious PowerPoint file to spread Zusy, a trojan also known as Tiny Banker.
Discovered in 2012, Zusy is a banking trojan that targets financial websites. It can capture network traffic and perform Man-in-the-Browser attacks to add forms to legitimate web pages, asking victims to share important data such as card numbers, TANs and authentication codes.
"A variant of malware called Zusy has been found as a PowerPoint file attached to spam emails with titles like 'Purchase Order # 130527' (Orders) and 'Confirmation'. users must turn on macros to execute," researchers at SentinelOne Labs said.
Warning of Office before opening the file
The PowerPoint files are attached to emails with such titles. When opened, the file displays the text "Loading . Please Wait" in the form of a hyperlink. When a user hovers over it, PowerPoint automatically tries to run the PowerShell script. However, the Protected View security feature, which is enabled by default in most Office versions, including Office 2013 and 2010, displays a warning first. If the user ignores this warning and allows the content to run, the malicious code connects to the cccn.nl domain and downloads an executable file, installing the new variant of the banking trojan Zusy.
Security researcher Ruben Daniel Dodge also analyzed this new attack and confirmed that it does not depend on macros, JavaScript or VBA to execute. "It is done through the definition of a mouse drag. This operation is set to execute the program in PowerPoint when the user moves the mouse over the text. 'RlD2' is defined as a hyperlink and an object and a PowerShell command," Dodge said.
The company also said the attack will not happen if the file is opened with PowerPoint Viewer because it refuses to execute the program. However, this technique can still be effective in some cases.