Skip to main content

PowerPoint File Can Install Malware On Your System

By June 20, 2017May 24th, 2021Cybersecurity

The fact that Microsoft Office Products (Word, PowerPoint and Excel) can be used to install malware onto an unsuspecting user’s computer has been common knowledge for years. But recently, security researchers at SentinelOne have discovered a new technique being used by a group of hackers that poses a serious threat.

In general, it’s fairly easy to prevent poisoned Microsoft Office files from doing any damage, because the traditional approach hackers have been using relies on macros. If you disable macros on your system, then even if you download and open the poisoned file, it won’t be able to do any harm.

That’s not the case with this new threat, however, which makes it dangerous.

The hackers have figured out a way to PowerShell code, injected into a PowerPoint presentation file to install malware without having to rely on macros at all.

Even worse, you don’t even have to open the file. Simply hovering over the link to the attachment is enough to initiate the installation in the background. In practice, the way this works is as follows:

A user hovers over the link and the PowerShell code activates. If your version of Microsoft Office has the Protected View security feature enabled, you’ll get a warning about the file, and have an opportunity to close out of it without any ill effects. If not, you won’t get a warning at all, and the poisoned file will install its payload. The same thing will happen if you disregard the warning, even if Protected View is enabled.

So far, the research team has uncovered two types of malware being installed via this new methodology: Zusy and Tinba, both banking Trojans, but clearly, any type of malware can be inserted via this methodology.

This goes to show that simply disabling macros isn’t enough anymore. Be very careful when opening PowerPoint attachments, even from people you know. To do less could prove costly in more ways than one!

Jason Manteiga

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.

Leave a Reply