Posted in Network Security; Tagged social engineering, powerpoint, ppt, macros, malware, powershell, zusy, tinba, financial, cybersecurity, cyber attack, cyber threat, spam email; Posted 11 months ago
Please Contact Us for questions about the acquisition, product support, or account management.here.
Security researchers have discovered a new social engineering attack in the wild that involves PowerPoint files. This attack is unique in that it does not first require users to enable macros, but instead executes malware on a targeted system with PowerShell commands embedded within a PowerPoint (PPT) file.
Further, the malicious PowerShell code hiding within the PowerPoint document is activated with a mere mouse hover over the link within a compromised email, downloading an additional payload on the victim’s machine, even without actually clicking said link. These malicious PowerPoint files have been found attached to spam emails with subjects like “Purchase Order” or “Confirmation.”
This attack can be stopped with the Protected View security feature, which comes enabled by default in most supported versions of Office. This warns the user and offers the ability to enable or disable the content. If users allow the content to run, the malicious program will connect to the malicious domain and the malware will be delivered.
The hackers responsible for this attack are utilizing the malicious PowerPoint files to distribute “Zusy,” a banking Trojan, also known as “Tinba.”
Zusy was first discovered in 2012 and is a banking Trojan that targets financial websites. It is capable of performing Man-in-the-Browser attacks, injecting additional forms into banking websites that ask victims to share more critical data such as credit card numbers and authentication tokens.
For more on how to keep your information safe, click here.