Hackers use PowerPoint files for 'mouseover' malware delivery


Hackers believed to work for Russia have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script.

No malicious macro is necessary for the malicious code to execute and download the payload, which makes the attack more insidious.

A report from threat intelligence company Cluster25 says that APT28 (a.k.a. ‘Fancy Bear’), a threat group attributed to the Russian GRU (Main Intelligence Directorate of the Russian General Staff), has used the new technique to deliver the Graphite malware as recently as September 9.

The threat actor lures targets with a PowerPoint (.PPT) file allegedly linked to the Organization for Economic Co-operation and Development (OECD), an intergovernmental organization working towards stimulating economic progress and trade worldwide.

A Guy