A new social engineering attack has been discovered in the wild that doesn’t require users to enable macros; instead, it executes malware on a targeted system using PowerShell commands embedded inside a PowerPoint (PPT) file.
In the past, attackers have been successful in using macro-based techniques to compromise users. Microsoft has since addressed the issue by allowing users to easily disable macros. Now it has come to light that attackers have gone one step further and found a way to compromise users without macros at all.
Researchers at security firm SentinelOne have discovered that a group of hackers is using malicious PowerPoint files to distribute ‘Zusy,’ a banking Trojan also known as ‘Tinba’ (Tiny Banker). Zusy was discovered back in 2012 as a Trojan that targets banking websites. It can log network traffic and even insert additional ‘fake’ forms into banking websites in order to capture personal data. Fast forward to 2017: a new Zusy variant is attaching itself to PowerPoint files posing as a ‘Purchase Order’. When a user opens the PowerPoint file, the malicious program connects to a malicious domain, from which it downloads and executes a file.
Users are advised to do a thorough scan on all files before opening them. If possible, open files on a separate laptop/desktop of little importance; if everything looks good, copy the file to a USB drive and transfer it to the main system.
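One way to do a first-pass scan without opening the file, as an added example that is not from the original article or from SentinelOne: the Python sketch below unzips a presentation and flags any part that names a script host, and, going slightly beyond the article, any relationship that points outside the package. It assumes the file is an OOXML package (.pptx/.ppsx); the function names, the list of script hosts and the sample packages are constructed for illustration.

```python
import io
import re
import zipfile

# Script hosts that have no business appearing inside a presentation (assumed list).
SUSPICIOUS = re.compile(rb"powershell|cmd\.exe|mshta|wscript|cscript", re.IGNORECASE)
# A relationship whose target lives outside the package.
EXTERNAL_REL = re.compile(rb'<Relationship\b[^>]*TargetMode="External"[^>]*>', re.IGNORECASE)


def scan_presentation(data):
    """Return (part name, finding) pairs; the file is only unzipped, never opened in PowerPoint."""
    findings = []
    try:
        package = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy binary .ppt files are not ZIP packages; this check does not cover them.
        return [("<file>", "not an OOXML (ZIP) package")]
    with package:
        for info in package.infolist():
            if info.is_dir():
                continue
            body = package.read(info)
            hit = SUSPICIOUS.search(body)
            if hit:
                context = body[max(hit.start() - 20, 0):hit.end() + 60].decode("utf-8", "replace")
                findings.append((info.filename, "script host reference: " + context))
            if info.filename.endswith(".rels"):
                for rel in EXTERNAL_REL.finditer(body):
                    findings.append((info.filename, "external relationship: " + rel.group().decode("utf-8", "replace")))
    return findings


def build_sample(rels_xml):
    """Build a minimal constructed package (not a real presentation) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("ppt/slides/slide1.xml", b"<p:sld/>")
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed samples: one harmless relationship, one with an inert placeholder command.
CLEAN = build_sample(b'<Relationships><Relationship Id="rId1" Type="slideLayout" '
                     b'Target="../slideLayouts/slideLayout1.xml"/></Relationships>')
FLAGGED = build_sample(b'<Relationships><Relationship Id="rId2" Type="hyperlink" '
                       b'Target="powershell%20PLACEHOLDER" TargetMode="External"/></Relationships>')

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(name, scan_presentation(sample))
```

An empty result only means these two patterns were not found; it does not replace an anti-malware scan or opening the file on an isolated machine.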
IntelliTeK are always up to date with the latest threats to email and IT security, which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at firstname.lastname@example.org, fill out the web form, or have a Live Chat with us below.