Skip to main content

Just hovering over a link in PowerPoint can now infect your system with malware

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
Most often, you need to actually click on a link or run a program in order to get infected with a virus or other malware. Sometimes, however, black hat hackers figure out a way to infect a machine without the user doing anything at all.

That is the case with a new PowerPoint malware, which was discovered security company Trend Micro. This particular attack merely needs users to hover over a link with their mice in order to install a banking Trojan that has remote access, network traffic monitoring, information access, and other nefarious capabilities.

The Trojan is delivered to users in a spam email with a PowerPoint Show (PPS) or Open EML Slide Show (PPSX) file attached. These files are different from the usual PowerPoint files (PPT and PPTX) in that they can not be edited and they only open in presentation or slideshow modes.

Malicious links are embedded in the PowerPoint slides that use the mouseover action to execute code that seeks to install the Trojan. For users with Protected View turned on in later versions of Microsoft Office, a security prompt pops up that the user must click through in order to enable the installation. As usual, users should never click “Enable” in such dialog boxes unless they are absolutely certain of what is actually going to run. Needless to say, clicking “Enable All” almost universally a bad idea.

Trend Micro
Trend Micro

On older versions of Office, however, or those without Protected View turned on, then the installation proceeds without any notice to the user or need for anything to be actively enabled. That makes this particular piece of malware particularly insidious and difficult to protect against. Note that Office 365’s web mode and PowerPoint Online are not affected by the attack.

The lesson here, first, is to make sure that Protected View is turned on in your Office applications. You can check on this by going to File, then Options, then Trust Center then click on the Trust Center Settings button. There, you want to select Protected View and make sure all of the options are checked. You can also look at your Macro settings while you are there and turn those off unless you’re sure you need them — Office Macros are another vector of attack.

Mark Coppock/Digital Trends
Mark Coppock/Digital Trends

It is bad enough that our machines can be infected by hackers who trick us into clicking on links and running programs. The fact that we can get infected without doing anything at all is even worse — and means we need to be even more vigilant in ensuring that all of the various security features for our software and hardware are turned on and properly updated.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more