Using Microsoft Powerpoint as Malware Dropper

  • 16 November 2018
November 16, 2018  By Pierluigi Paganini
 

Marco Ramilli, founder and CEO at cyber security firm Yoroi, has explained how to use Microsoft PowerPoint as a malware dropper.

Nowadays Microsoft Office documents are often used to propagate malware, acting as dynamic droppers. Microsoft Excel embedding macros or Microsoft Word with user actions (like links or external OLE objects) are the main players in this “Office Dropping Arena”. When I figured out that a Microsoft PowerPoint was used to drop and execute a malicious payload I was amazed; it’s not so common (at least in my personal experience), so I decided to write a little bit about it. The “attack-path” is very close to what has been observable in modern threats for years: an email campaign with an attached document and actionable text in it. In the beginning, the Microsoft PowerPoint presentation looked like a white blank page, but it was performing a very interesting and hidden connection to hxxps://a.doko.moe/wraeop.sct.
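As an added example (not code from the original article or from Yoroi): a triage script a defender could run on a suspect .pptx to list every relationship the package marks as external and flag scriptlet-style targets such as the .sct URL mentioned above. It assumes the outbound connection is declared as an external relationship in the OOXML package, which the excerpt does not state; the function names, the extension watch-list and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Assumed watch-list: .sct comes from the excerpt, the rest are common script types.
RISKY_SUFFIXES = (".sct", ".hta", ".wsf", ".vbs", ".js", ".ps1")

def external_targets(pptx_bytes):
    """Return (rels part, relationship kind, target, risky) for every
    relationship marked TargetMode="External" in an OOXML package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal parts (layouts, media) are not of interest
                target = rel.get("Target", "")
                path = target.lower().split("?")[0]  # ignore any query string
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append((name, kind, target, path.endswith(RISKY_SUFFIXES)))
    return findings

def build_sample():
    """Constructed sample: a minimal package holding one slide .rels part
    with an internal link, a benign external link and a .sct external link."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{base}slideLayout" Target="../slideLayouts/slideLayout1.xml"/>'
        f'<Relationship Id="rId2" Type="{base}hyperlink" Target="https://example.com/agenda" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{base}hyperlink" Target="https://files.example.invalid/payload.sct" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target, risky in external_targets(build_sample()):
        print("SUSPICIOUS" if risky else "external  ", part, kind, target)
```

A presentation that renders as a blank slide but still lists an external target is worth a closer look regardless of the target's extension.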

3 replies

This is one of the many reasons I'm transferring all my Microsoft Office documents to iWork documents on the Mac. ;)
@ wrote:
This is one of the many reasons I'm transferring all my Microsoft Office documents to iWork documents on the Mac. ;)
All you have to do is make sure Macros are disabled within Office!
 

@ interesting setting. I looked at the setting on the Mac; the setup is a little different. But this is the setting by default:


Thank you Daniel. :D
 
