The current trend commonly noticed for harming precious computer files and folders was in the form of macro-based hacking techniques attached with emails or MS Office files.
However, with growing awareness of these type of common hacking techniques, hackers have taken a new way: a more “official” looking hacking technique that doesn’t even use macros. This technique has caused a sudden upheaval in the computer world and users are now more prone to malwares.
This PowerPoint malware ingeniously uses PowerShell commands to embed malware execution within a PowerPoint file. It is so ingeniously designed that a user can be affected by the malware even without having to click the link in the pop-up. Just bringing the mouse cursor over the link does the harm.
Moreover, this malware has such a professional and legal looking pop-up appearance that even the most experienced users can fall into its trap. It labels itself as “Microsoft PowerPoint security notice”.
According to sources, SentinelOne, a security firm, PowerPoint files are being spread by hackers with a Trojan named “Zusy”. It is also commonly known as “Tinba”. This Trojan is part of a group of banking Trojans that have the ability to sneak through the security systems and target financial websites.
It is that type of Trojan that asks users to share personal information like illegally asking for credit card numbers, TAN’s etc. Researchers and experts at SentinelOne expressed their amusement on this new type of malware attacking method. They quoted that it is interesting to see how legal it looks and the way the emails are crafted traps many of the most expert and aware users.
These PowerPoint malwares are being distributed through emails labelling “Purchase order confirmation”. When this email is opened, a text depicting “loading” opens and hovering cursor over this text leads to the execution of the PowerShell code. A very professional looking PowerPoint pop-up opens that traps the user. If the user ignores this pop-up, an automatic message is sent to the source to send another copy of this Trojan “Zusy”. Ingenious isn’t it?
Call it ingenuity or negative creativity, this PowerPoint malware has really made many experts in computer field stand on their tip-toes. Just like the expert security researcher Ruben Daniel Dodge quotes that much to his amazement, this technique doesn’t rely on macros or JavaScript at all. However, a sigh of relief provided by him is that if files are viewed under the PowerPoint secure viewer, this program can’t execute itself. Still beware!