Malicious PowerPoint Spam Attachment Infects PCs Without Mouse Click

Funny enough, computer hackers sometimes don't get the credit they deserve when it comes to creating crafty methods for infecting PCs around the world. As it turns out, credit is due to a group of hackers who have initiated an aggressive spam campaign that spread malware that doesn't require a mouse click to infect your PC.

The recent spam email campaign sharing messages that only require you to hover your mouse over text within the attached file to load malware could very well be the beginning of a new type of method to spread malware. As scary as it sounds, the methodology of spreading malware through what is found as being a malicious PowerShell script has not yet been widely used by hackers. In fact, the recent spread of the campaign has drastically slowed down but still remains to be a threat to some.

According to computer security researchers out of Trend Micro and Dodge This Security, the method of spreading malware through hovering over a text link is spread through a recent spam email campaign, one that is targeted companies and organizations in Europe, Africa, and the Middle East. The spam messages carrying the malicious link, one that only requires that you place your mouse cursor on top of a link text, is usually contained within emails that have a finance-related subject line. In addition, some of the spam message subject lines contain an "Invoice" or "Order #" with an attached PowerPoint presentation. The opening of the attached PowerPoint file is required where you will only need to hover the mouse over a group of hyperlinked text. Once the cursor is over the malicious text link, a PowerShell script will start to run and then prompt for the download of malware, which the computer user's approval will be needed to do so.

Those who end up opening the spam message and have placed their mouse over the text in the malicious PowerPoint file attachment will end up downloading malicious files. It is believed that the malware contacts a designated command and control (c&c) server to download the malicious .jse file. Though, more modern versions of Microsoft Office that include the most recent versions of PowerPoint will help prevent the malware from being downloaded by sending users through a Protected View, which will prompt a warning about a "potential security concern." You must also note that older versions of PowerPoint will allow the malware to install without the extra layer of protection, which will essentially execute a downloader to install a Trojan virus on your system.

The malware that is currently loading through the spam campaign that exploits a no-click-required PowerPoint file attachment text link has been discovered to be one that steals your online account login credentials. Such a threat could easily pilfer through any stored online banking account information or your personal data to later be sent to hackers for the purpose of exploiting your identity or stealing money out of your account. Essentially, the possibilities of what can be accomplished by hackers targeting computers through this recent spam campaign are nearly endless and could result in many cases of identity theft.

It is highly advisable that computer users ensure they are running the latest version of their installed software, including Microsoft Office Suite applications, such as PowerPoint. Moreover, it would be beneficial to run an updated copy of trusted antivirus or antimalware software to detect and thwart malware like the Trojan virus spread by the no-click-link spam campaign.