Newly discovered malware is masquerading as a Microsoft PowerPoint file that downloads the infection as soon as the user hovers over a link.
The file is named "order&prsn.ppsx", "order.ppsx" or "invoice.ppsx" and is sent to victims as an email attachment with the subject line "RE:Purchase orders #69812" or "Fwd:Confirmation." The attachment may sometimes even be a zip archive which, when extracted, reveals the PowerPoint files.
While PowerPoint files are normally written as PPTX, the file attached to the mail reads as PPSX. The file format is identical to a regular PowerPoint file, but a PPSX enters the PowerPoint presentation view directly when opened. The file opens to a blank page carrying a message in bright blue font saying "Loading Please Wait", which is the malicious link.
What makes the malware extremely dangerous is that users do not even have to click on this malicious link. The victim only needs to hover over the link and the malicious code will be executed. Security researchers have spotted a booby-trapped PowerPoint file that downloads malware to a computer whenever a victim hovers over a link; no macro scripts are required.
How to stay safe?
Microsoft is aware of the malware and has said that if users have Windows Defender and Office 365 Advanced Threat Protection activated, these will remove the malware by signalling a threat and closing down the file. If you do not have these activated, do not open dodgy e-mails, and read the file extension carefully to spot the malicious file.