New Malware Infects PCs through Microsoft’s PowerPoint

Security researchers from Trend Micro recently unearthed how online criminals are abusing certain security flaw which lets them bypass AV solutions for thrusting malicious software using Microsoft PowerPoint.

Already affecting Windows' Object Linking and Embedding interface, the flaw has been earlier exploited in attacks for thrusting tainted .RFT (Rich Text File) docs. The researchers got aware that crooks were currently infecting PowerPoint files for pushing malware.

The malicious software happens to be one banking Trojan created for gaining access to some anonymous end-user remotely; and similar access to monitor network traffic as well as other sinister capabilities. The Trojan gets delivered chiefly through a spam mail that has one PPS (PowerPoint Show) file. The PowerPoint Show files are different from the normal PPTX and PPT files because they're not possible to edit. Besides, they're possible to open solely through presentation else slideshow methods. News.thewindowsclub.com posted this online dated August 17, 2017.

While embedded to the spam mail, the infected PowerPoint attachment dupes recipients into believing there is shipping information inside it. If viewed, the attached document activates an exploit pertaining to vulnerability -CVE-2017-0199 that subsequently contaminates the victims' computers. For running the malware, the show animations utility of PowerPoint is used that then lets it for pulling down one document containing the file logo that subsequently runs certain file known as RATMAN.EXE with the help of PowerShell.

The executable happens to be the remote access tool Remcos in Trojanized version which enables attackers to screenlog, keylog, intercept the webcam and microphone of computers as well as download and execute more malicious programs. Thereafter, the attacker wholly compromises the end-user's system that often is unnoticeable to the end-user.

Worse still, the malware utilizes one unfamiliar .NET protector that prevents its analysis by security researchers. Eventually, because detection of CVE-2017-0199 is via concentrating on RTF documents, by using PowerPoint files, the crooks manage to bypass AV programs.

Back during April, Microsoft issued a patch for the security flaw. It's recommended that every end-user load it onto his computer while remain watchful for e-mails of the types utilized within the above described attacks.

» SPAMfighter News - 8/23/2017