New attack technology: cybercriminals use PowerPoint presentations to spread malware – Penetration Testing

According to foreign media reports on June 5, security experts recently found that cybercriminals are using a new attack technique to spread malware: PowerPoint presentations that induce users to download and execute malicious code on their systems.

Reportedly, the PowerShell code embedded in the malicious PowerPoint file executes automatically when the victim hovers the mouse over a link. Attachments named “order.ppsx” or “invoice.ppsx” are currently being sent via spam, with subject lines that include “Purchase Order # 130527” and “Confirmation Letter”.

The investigation shows that when a user opens the PowerPoint presentation, they see a blue hyperlink that reads “Loading … Please wait”. If the user hovers over the link, the PowerShell code fires even without a click. Once the user opens the document, the PowerShell code connects to the “cccn.nl” domain and downloads the file responsible for delivering the malware.

The security researchers say that the Protected View security feature on the user's device informs the user of the risk and prompts the user to enable or disable the operation. In addition, SentinelOne researchers analyzing the attack observed that cybercriminals use the technique to spread new variants of the banking Trojans Zusy, Tinba and Tiny Banker.

The post New attack technology: cybercriminals use PowerPoint presentations to spread malware appeared first on Penetration Testing. http://ift.tt/2qVfaJd http://ift.tt/2aM8QhC
