{"id":7893,"date":"2017-06-08T12:11:03","date_gmt":"2017-06-08T20:11:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/06\/08\/news-1675\/"},"modified":"2017-06-08T12:11:03","modified_gmt":"2017-06-08T20:11:03","slug":"news-1675","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/06\/08\/news-1675\/","title":{"rendered":"New social engineering scheme triggers on mouse movement"},"content":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Thu, 08 Jun 2017 18:49:21 +0000<\/strong><\/p>\n

One of threat actors’ favorite malware delivery schemes is social engineering as it remains highly effective against a variety of targets. Malicious spam, in particular, is\u00a0one of the biggest threats enterprises are facing today in the form of\u00a0daily deliveries of fake invoices, contract, and other receipts.<\/p>\n

Those attachments can be scripts, PDFs, or Microsoft Office documents, the latter often containing macros designed to retrieve a malicious payload as soon as users activate them. Today we take a look at a sightly different delivery mechanism that does not rely on macros or exploits, but rather a built-in functionality in PowerPoint to run external programs.<\/p>\n

This attack abuses the hyperlink feature to\u00a0launch a\u00a0Powershell command\u00a0as soon as the user moves their mouse cursor over that link. The typical attack scenario is described in the diagram below.<\/p>\n

\"\"<\/a><\/p>\n

Malwarebytes <\/a>users were already protected against this threat thanks to our Application Behavior Protection:<\/p>\n

\"\"<\/p>\n

Time will tell whether this new infection vector gains popularity among the criminal element. The fact that it does not need a macro is novel and triggers on mouse activity is a clever move. There is no doubt threat actors will keep on coming up with various twists to abuse the human element.<\/p>\n

The post New social engineering scheme triggers on mouse movement<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Thu, 08 Jun 2017 18:49:21 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
No macro, no exploit. This attack uses mouse movement to launch malicious code in booby-trapped documents.<\/p>\n

Categories: <\/p>\n