PowerPoint is being used as a lure to spread malware
Date:
Tue, 25 Jan 2022 14:08:05 +0000
Description:
Most recent campaign distributes two RATs and a cryptocurrency stealer using PowerPoint files.
FULL STORY ======================================================================
Threat actors are increasingly turning towards Microsoft PowerPoint files to distribute different types of malware.
New Netskope research found that since the end of 2021, numerous hacking groups started using legitimate cloud services to host PowerPoint files which, with the help of the dreaded macros, can deploy all kinds of nasties into target devices.
Netskope says that three families of malware dominate: Warzone (aka AveMaria) and AgentTesla, both of which are powerful Remote Access Trojans (RATs), as well as cryptocurrency stealers.

Hijacking the clipboard to steal bitcoin
The researchers claim the PowerPoint file carries with it an obfuscated macro that gets executed by a combination of built-in Windows tools, PowerShell, and MSHTA.
Once executed, the VBS script creates a new Windows entry and executes two additional scripts: one downloads AgentTesla, while the other disables the Windows built-in antivirus solution, Microsoft Defender.
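An added example, not from Netskope or the original article: a small detection over process-creation records that flags PowerShell or MSHTA running anywhere beneath PowerPoint, which is the chain described above. The record layout and the sample events are constructed for illustration.

```python
# Added example: flag script hosts launched anywhere beneath PowerPoint.
# The event records below are constructed sample data, not real telemetry.
OFFICE_PARENT = "powerpnt.exe"                  # PowerPoint's process image name
SCRIPT_HOSTS = {"powershell.exe", "mshta.exe"}  # the built-in tools the article names

# (pid, parent pid, image name) in process-creation order, constructed for illustration
SAMPLE_EVENTS = [
    (100, 1, "explorer.exe"),
    (200, 100, "POWERPNT.EXE"),
    (210, 200, "mshta.exe"),        # direct child of PowerPoint
    (220, 210, "powershell.exe"),   # grandchild, reached through mshta
    (300, 100, "powershell.exe"),   # started by the user from the shell, unrelated
    (400, 100, "POWERPNT.EXE"),     # a second presentation that spawns nothing
]

def find_office_script_chains(events):
    """Return (pid, chain) for every script host descended from PowerPoint."""
    procs = {}   # pid -> (parent pid, lowercase image name)
    alerts = []
    for pid, ppid, image in events:
        name = image.lower()
        procs[pid] = (ppid, name)
        if name not in SCRIPT_HOSTS:
            continue
        # Walk up the ancestry; 'seen' guards against loops caused by PID reuse.
        chain, cur, seen = [name], ppid, {pid}
        while cur in procs and cur not in seen:
            seen.add(cur)
            parent_ppid, parent_name = procs[cur]
            chain.append(parent_name)
            if parent_name == OFFICE_PARENT:
                alerts.append((pid, " > ".join(reversed(chain))))
                break
            cur = parent_ppid
    return alerts

if __name__ == "__main__":
    for pid, chain in find_office_script_chains(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```

Walking the full ancestry rather than only the direct parent is what catches the PowerShell process that PowerPoint starts indirectly through MSHTA.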
While it's a known fact that AgentTesla steals browser passwords, keystrokes, clipboard contents, and similar data, very little is known (and shared by Netskope) about Warzone.
The third payload is a cryptocurrency stealer, which scans the clipboard for data that matches a cryptocurrency wallet. If it finds a match, the next time the victim copies a cryptocurrency wallet, it will paste a different one belonging to the attackers.
Office macros have been the staple of malware distribution for ages. They're a tool which allows Office files to contain embedded code, written in the Visual Basic for Applications (VBA) programming language. The code can hold multiple commands that can be recorded and replayed later. Initially designed to help automate repetitive tasks, they've since been hijacked by criminals abusing them to distribute malware.
It has gotten to the point where Microsoft disabled Excel 4.0 macros by default to keep the users safe.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/powerpoint-is-being-used-as-a-lure-to-spread-malware/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)