Microsoft PowerPoint Users Beware: Hackers Are Using it to Spread Malware

Here's how it works:

Microsoft PowerPoint users should beware of hackers that are now using presentation files to start spreading malware.

The hackers reportedly use seemingly harmless PowerPoint or ".PPT" files to launch a malicious PowerShell script. In turn, it spreads malware to its targets.


Microsoft PowerPoint Hackers Use it to Spread Malware

As per the latest news story by Bleeping Computer, it appears that hackers allegedly working for Russia are using Microsoft PowerPoint presentations to carry out a cyberattack.

The online news outlet notes that the threat actors are using the mouse movement on PowerPoint presentations to start spreading malware.

The hackers specifically trigger a PowerShell script by simply relying on the movement of the cursor. And as such, Bleeping Computer notes that the attackers do not need to use any malicious macro to start the attack. So this new method seems to be more discreet than using a macro to spread nasty malware.

How Hackers Are Using PowerPoint Files in Cyberattacks

According to a report by the cybersecurity intelligence firm, Cluster25, a fake PowerPoint presentation is being used to execute a malicious PowerShell script.


The report notes that the attack triggers when the target enters full-screen presentation mode. As the cursor moves, the PowerShell script starts downloading a JPEG file. By the looks of it, DSC00002.jpeg might seem completely harmless. But the hackers hid a DLL file in the JPEG that lets them install malware.

Then from there, the payload installs a Portable Executable or PE file, which comes with malware.

Lure PowerPoint File

Bleeping Computer adds in the same report that the hackers are using a PowerPoint file that includes two slides. Both of them teach their viewers how to use the Interpretation feature on Zoom.

The lure document used in the campaign looks like a typical professional presentation with bulleted text. But it isn't what it seems to be.

Besides all these seemingly harmless instructions on using the Interpretation option, it includes a nasty hyperlink beneath it. And once it gets triggered by the movement of the mouse, it starts carrying out the attack.

Cluster25 notes that this new malware campaign began luring targets in August and continued in September. But it looks like the attackers were working on it as early as January and February, the intelligence firm highlights.

The research further discloses that the usual targets of these lure PPT files are the government and defense departments of various countries in the European Union, as well as Eastern Europe.

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.