Beware PowerPoint Files With Hidden Malware

Uploaded on 2022-02-07 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

There is an emerging trend in phishing campaigns that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. Attackers are using specially crafted socially engineered emails with .ppam file attachments that hide malware.

This is just the latest stealthy way that threat actors have been using to target desktop users through trusted applications. These weaponised PowerPoint files are able to hide malicious executable malware and the malware can rewrite Windows registry settings on targeted machines, leading to devastating attacks for victims

Beginning in January 2022, researchers have observed attackers delivering socially engineered emails that include .ppam file attachments with malicious intent. In this attack, hackers are showing a generic purchase order email, a pretty standard phishing message. The file attached to the email is a .ppam file. A .ppam file is a PowerPoint add-on, which extends and adds certain capabilities. However, this file is actually wrapping a malicious process whereby the registry setting will be overwritten.

This attack method has been discovered by Avanan, a Check Point company and their researchers stated that the malware allows an attacher to take over an end user’s computer. 

The phishing emails are able to evade security detections and appear legitimate, according to Avanan, who have  released a report detailing the campaign and confirming that the file contains bonus commands, custom macros, and other malicious functions. This campaign was first identified in January when researchers observed attackers delivering socially engineered emails including the PowerPoint file attachments with malicious intent. 

One of the emails observed in the campaign consisted of the attacker pretending to be sending the recipient a purchase order. Although the attached file appeared legitimate, it contained a malicious executable. This email failed a Sender Policy Framework (SPF) check and there was no significant history with the sender.

Attackers typically use email to deliver malicious files or links that steal user information. To guard against these attacks, security professionals can do the following:

  • Implement protection that downloads all files in a sandbox and inspects them for malicious content.
  • Implement security that can dynamically analyse emails for indicators of compromise. 
  • Encourage end-users to contact IT fo security advice when opening an unfamiliar file.

This exploit is one of several new email-based campaigns recently uncovered to target desktop users working on commonly used word-processing and collaboration apps like Microsoft Office, Google Docs and Adobe Creative Cloud.

Avanan:    McAfee:       Oodaloop:     Threatpost:      Avanan:      Bleeping Computer:      Netskope:   

You Might Also Read: 

Auto-Redirects: A Harmful Detour:

 

« Spy Chief Warns US Government Is Classifying Too Much Data
The Cyber Skills Shortage Is Not Getting Any Better »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

rPeople Staffing

rPeople Staffing

rPeople provides direct placement in all areas of your organization, including and specializing in Technical and Executive hiring.

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

Hague Security Delta (HSD)

Hague Security Delta (HSD)

The Hague Security Delta Campus is home of the leading cyber security cluster in Europe with an Innovation Centre, labs and training facilities.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

Australian Cyber Collaboration Centre (Aus3C)

Australian Cyber Collaboration Centre (Aus3C)

The Australian Cyber Collaboration Centre (Aus3C) is committed to building cyber capacity and securing Australia's digital landscape.

Salt Cybersecurity

Salt Cybersecurity

Salt Cybersecurity offer a four-pronged approach to information security that includes Custom Security Policy, Vulnerability Assessment, Threat Detection, and Security Awareness Training.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.

Infosec Institute

Infosec Institute

Infosec is a leading cybersecurity training company, we help IT and security professionals advance their careers with skills development and certifications.

Cybertech Nepal

Cybertech Nepal

Cybertech Nepal is committed to provide high-quality cyber security solutions, including server assessment and hardening, forensics and malware analysis, end-point threat analysis, and VAPT.

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.

Next DLP

Next DLP

Next DLP (formerly Jazz Networks) is a leading provider of insider risk and data protection solutions.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.