PowerPoint has always been malicious, but now even a mouse-over can infect your PC


PowerPoint, the world’s most popular presentation software, has been accused of killing critical thinking, causing untold economic damage by wasting productive time, and even killing whole businesses.

Now in its latest trick, the application can also help infect your PC by simply mousing over a link in a malicious presentation.

Security researchers have discovered a new variant of the “Zusy” (AKA Gootkit or OTLARD) malware, which spreads via malicious PowerPoint files in spam emails with subjects such as “Purchase Order” or “Confirmation” followed by a serial number.

The infected PowerPoint files contain only one slide, with hyperlinked text saying “Loading…Please Wait”. If a user moves their mouse over the link, PowerPoint executes Windows PowerShell with a script that downloads the actual malware.

Thankfully, in most cases your system should pop up a warning as in the image above, unless you have already clicked “Enable All” or have disabled Protected Mode. The script is also not able to run in PowerPoint Viewer or in PowerPoint on the web.

Once executed, the malware sets up a backdoor to establish an RDP connection to your PC, giving attackers complete access to your system.

The malware is currently spreading across Europe, the Middle East, and Africa, and users are, as always, advised to be suspicious of any unsolicited files, no matter what format.
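For mail filtering or triage, the mouse-over trigger described above can be spotted without opening the file in PowerPoint: in the Office Open XML format a hover action is stored as an `a:hlinkMouseOver` element on the slide, and a "Run program" action carries `action="ppaction://program"`. The scanner below is an added example, not code from Trend Micro or MSPoweruser; `find_hover_actions`, `build_sample` and the `placeholder.exe` target are names constructed for this illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted attachments prefer defusedxml

A = "{http://schemas.openxmlformats.org/drawingml/2006/main}"
R = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
PKG = "{http://schemas.openxmlformats.org/package/2006/relationships}"
SLIDE = re.compile(r"ppt/slides/(slide\d+)\.xml$")

def find_hover_actions(pptx_bytes):
    """Return one finding per mouse-over action on any slide of a .pptx/.ppsx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        names = set(z.namelist())
        for name in sorted(names):
            m = SLIDE.match(name)
            if not m:
                continue
            # The r:id on the hover element resolves through the slide's .rels part.
            rels = {}
            rels_name = f"ppt/slides/_rels/{m.group(1)}.xml.rels"
            if rels_name in names:
                for rel in ET.fromstring(z.read(rels_name)).iter(PKG + "Relationship"):
                    rels[rel.get("Id")] = (rel.get("Target", ""), rel.get("TargetMode", ""))
            for el in ET.fromstring(z.read(name)).iter(A + "hlinkMouseOver"):
                action = el.get("action", "")
                target, mode = rels.get(el.get(R + "id"), ("", ""))
                findings.append({
                    "slide": name, "action": action, "target": target,
                    # "Run program" hover actions are what a mail filter should block.
                    "runs_program": action.lower().startswith("ppaction://program"),
                    "external": mode == "External"})
    return findings

def build_sample(action, target):
    """Constructed input: only the two parts the scanner reads, not a full deck."""
    slide = (f'<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A[1:-1]}" xmlns:r="{R[1:-1]}"><a:hlinkMouseOver r:id="rId2" '
             f'action="{action}"/></p:sld>')
    rels = (f'<Relationships xmlns="{PKG[1:-1]}"><Relationship Id="rId2" '
            f'Target="{target}" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for f in find_hover_actions(build_sample("ppaction://program", "placeholder.exe")):
        print(f)
```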

Read more about the threat at Trend Micro here.
