Attention Microsoft PowerPoint Users: Hackers Use It to Spread Malware

Microsoft PowerPoint users should beware of hackers who are now using presentation files to start spreading malware.

Hackers allegedly used seemingly harmless PowerPoint or “.PPT” files to launch a malicious PowerShell script. In turn, it spreads malware to its targets.

Hackers Use Microsoft PowerPoint to Spread Malware

According to the latest report from Bleeping Computer, it appears that hackers allegedly working for Russia are using Microsoft PowerPoint presentations to carry out a cyberattack.

The outlet notes that threat actors are relying on mouse movement over PowerPoint presentations to start spreading malware.

Hackers specifically trigger a PowerShell script simply by relying on cursor movement. And as such, Bleeping Computer notes that attackers don’t need to use any malicious macro to launch the attack. This new method therefore seems more discreet than using a macro to spread nasty malware.

How Hackers Use PowerPoint Files in Cyber Attacks

According to a report by the cybersecurity intelligence company Cluster25, a fake PowerPoint presentation is used to run a malicious PowerShell script.

The report notes that the attack is triggered when the target enters full-screen presentation mode. And when the cursor moves, the PowerShell script starts downloading a JPEG file. At first glance, the DSC00002.jpeg file may seem completely harmless. But the hackers have hidden a DLL file in the JPEG which allows them to install malware.

Then, from there, the payload installs a portable executable file or PE, which contains malware.

Decoy PowerPoint File

Bleeping Computer adds in the same report that hackers use a PowerPoint file that includes two slides. Both teach their viewers how to use the interpretation feature on Zoom.

The decoy document used in the campaign looks like a typical business presentation with bulleted text. But it is not what it seems.

Besides all those seemingly innocuous instructions on how to use the interpretation option, it includes a malicious hyperlink underneath. And once it is triggered by mouse movement, it starts performing the attack.

Cluster25 notes that this new malware campaign started attracting targets in August and continued into September. But it seems the attackers were working on it as early as January and February, the intelligence firm points out.

Research further reveals that the usual targets of these lure PPT files are government and defense departments of various countries in the European Union, as well as Eastern Europe.

This article belongs to Tech Times

Written by Teejay Boris

ⓒ 2022 All rights reserved. Do not reproduce without permission.