Microsoft’s PowerPoint is the latest mechanism for delivering malware.
TrendMicroreports today that a new method “abuses PowerPoint Slide show — the first time we have seen this approach used in the wild before.” The scheme apparently targets companies in the electronics industry.
“The exploit arrives as a spear-phishing email attachment, purportedly from a cable manufacturing provider, that drops a remote access tool as its final payload,” TrendMicro writes.
The message refers to “the specified order.” But the user who opens the message will receive “a PPSX file that shows the following when clicked: CVE-2017-8570,” TrendMicro continues.
However, the malware apparently exploits CVE-2017-0199, “a leftover mistake from the toolkit developer, which the sender did not choose to change,” TrendMicro notes.
But there was no danger to Microsoft users who had received updates.
“Given that Microsoft already addressed this vulnerability back in April, users with updated patches are safe from these attacks,” TrendMicro continues. “Cases like this highlight the need for users to be cautious when opening files or clicking links in their emails — even if they come from seemingly legitimate sources.”
In a separate episode, banking customers are being victimized with “a notorious banking Trojan,” according to ZDNet.
Uncovered by security researchers at Cyren, the latest Trickbot distribution campaign sent over 75,000 emails in 25 minutes, all claiming to be from Lloyds Bank, one of the UK's biggest banks,” ZDNet writes.
It adds: “Emails were sent with the subject 'Incoming BACs', a reference to BACS, a system that allows users to make payments directly from one email account to another. The emails claim that the target needs to review and sign attached documents.”