HomeWinBuzzer NewsAttackers Are Using Microsoft PowerPoint to Install Malware and Enable Remote Code...

Attackers Are Using Microsoft PowerPoint to Install Malware and Enable Remote Code Execution

Attackers are using PowerPoint attachments in phishing emails to trigger an exploit and download malware that allows full control of a victim's computer. The issue was patched by Microsoft in April.


Hackers are getting more and more sophisticated, but that doesn't mean the old tricks don't still work. Security firm Trend Micro has reported that attackers are using the tried and tested email attachments to infect their victims.

Recently, however, there's been a shift from the use to Rich Text File attachments to 's own PowerPoint format. According to the firm, a phishing email is sent to users, often spoofing an invoice, and has a .ppsx file linked.

Downloading and opening the presentation reveals a slide with the text CVE-2017-8570, an older Office exploit that isn't actually used in the attack. Instead, it exploits CVE-2017-0199, which is used to start the infection process via PowerPoint animations.

First, it runs a file called logo.doc, an XML file that downloads then downloads RATMAN.EXE. This trojanized version of the Remcos software letsĀ attacks remotely execute code from anywhere in the world and uses an unknown .NET detector to make it harder to research.

From there, it can contact the Command and Control Server and take screenshots, record keystrokes, take video footage, and access the microphone. If that's not enough, attackers can quite easily take full control of the PC.

Fixed in April

Thankfully, Microsoft already addressed this issue in April via an update. Trend Micro suggests users “always patch their systems with the latest security update” to be safe.

On top of that, some basic email security won't go amiss. The use of PowerPoint makes it hard for anti-virus' to detect, and this isn't the first malware to utilize the software. As a result, users should ensure they only download files from known senders and be cautious even then.

You can find more information about mitigation on the official blog post.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News