Latest in Gear

Image credit: Joerg Habermeier via Getty Images

Malware downloader infects your PC without a mouse click

The downloader installs a banking Trojan into your PC the moment your mouse pointer hovers over it.
2904 Shares
Share
Tweet
Share
Save
Joerg Habermeier via Getty Images

You think you're safe from malware since you never click suspicious-looking links, then somebody finds a way to infect your PC anyway. Security researchers have discovered that cybercriminals have recently started using a malware downloader that installs a banking Trojan to your computer even if you don't click anything. All it takes to trigger the download is to hover your mouse pointer over a hyperlink in a carrier PowerPoint file.

According to researchers from Trend Micro and Dodge This Security the technique was used by a recent spam email campaign targeting companies and organizations in Europe, the Middle East and Africa. The emails' subjects were mostly finance-related, such as "Invoice" and "Order #," with an attached PowerPoint presentation.

[Image credit: Trend Micro]

The PowerPoint file has a single hyperlink in the center that says "Loading... please wait" that has an embedded malicious PowerShell script. When you hover your mouse pointer over the link, it executes the script. If you're running a newer version of Microsoft Office, though, you'll still need to approve the malware's download before it infects your PC.

That's because the more modern versions of the suite has Protected View, which will show a prompt warning you about a "potential security concern" when the script starts running. Just click Disable, and you'll be fine. However, older versions of the suite don't have that extra layer of security. The downloader can install a Trojan virus into your system to steal your credentials and bank account information the moment your mouse pointer hovers over the link.

[Image credit: Trend Micro]

The good news is that the spam emails died down back on May 29th after peaking on the 25th with 1,444 detections by Trend Micro. Still, it's better to steer clear of similar emails, since it's always possible that the campaign in May was just a test run for a bigger one.

From around the web

ear iconeye icontext filevr