Malware Exploits Microsoft PowerPoint Vulnerability
A new malware campaign is circulating in the wild, and most security programs are not detecting it. The malware, Remcos, bypasses detection by exploiting a Microsoft PowerPoint vulnerability. Remcos is hidden within a malicious attachment that is being distributed via email. The email is disguised as an order request from a falsified business partner. Once a victim opens the email and clicks on the malicious link, a vulnerability number will pop up. However, the number does not identify the security gap in the PowerPoint program. A file named logo.doc is then downloaded. ZDNet reported:
“This downloaded logo.doc contains XML and JavaScript code, which runs PowerShell to execute a file called ‘RATMAN.EXE’, a Trojanised version of the Remcos remote access tool, which then connects to a command and control server.”
Once installed, the malware can obtain access to the entire PC, without the user knowing.
Fortunately, the security gap was patched by Microsoft in April of this year. However, that does not mean all users have updated their program. To patch this specific vulnerability, click here.
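For defenders, the chain quoted above (PowerPoint, then script code, then PowerShell, then RATMAN.EXE) can be hunted in process-creation logs. The following is an added example, not code from the original article or from ZDNet; the event fields, file paths and sample events are constructed, and it assumes the PowerShell process is a descendant of the Office process.

```python
import ntpath

OFFICE = {"powerpnt.exe", "winword.exe", "excel.exe"}
SHELLS = {"powershell.exe"}

# Constructed process-creation events (not from a real incident).
# Field names and all paths are assumptions made for this example.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\Office16\POWERPNT.EXE"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\user\AppData\Local\Temp\RATMAN.EXE"},
    # Benign contrast: PowerShell started from the desktop, not from Office.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\ping.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()


def ancestry(pid, by_pid):
    """Image names from the given process up to the root, nearest first."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against pid loops
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


def find_office_shell_drops(events):
    """Return root-first chains where a program was started by PowerShell
    that itself runs underneath an Office application."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        chain = ancestry(event["pid"], by_pid)
        if len(chain) < 3 or chain[0] in SHELLS:
            continue  # too short for the pattern, or the shell itself
        for i in range(1, len(chain) - 1):
            if chain[i] in SHELLS and any(a in OFFICE for a in chain[i + 1:]):
                hits.append(list(reversed(chain)))
                break
    return hits
```

Walking the full ancestry rather than only the direct parent keeps the check valid when an intermediate script host sits between the Office application and PowerShell.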