Vulnerability in PowerPoint, which was patched by Microsoft last year is now being actively used to infect activists in Tibet and Hong Kong with malware. The attacks are part of a larger campaign that is taking place for years. Remarkably, however, the use of PowerPoint leak.
Previously used the attackers vulnerabilities in Microsoft Office respectively in 2010 and 2012. The use of the PowerPoint leak would for the first time in two years the trend. For the dissemination of the PowerPoint files as well as e-mail attachments using links to Google Drive. To warn activists against the risk of email attachments campaign "was Detach from Attachments "starts. It is just recommended to use cloud storage for sharing files, such as Google Drive.
The fact that the attackers now use Google Drive, according to the investigators as possibly an indication that the attackers adapt accordingly. When users open the PowerPoint updates from Microsoft are not installed and the presentation they can with a remote access Trojan (RAT) become infected. The malware would be recognized by a few virus scanners.
In total, the researchers saw the Canadian CitizenLab five campaigns where the PowerPoint leak was deployed. To let users do not suspect they get to see a real presentation, while the malware is installed in the background. "The recycled content, low detection scanners and that users do not know that these files are malicious, ensure that these attacks are worrying," the researchers said.
No comments:
Post a Comment