In the past, in order to see the true URL of a website, email address or file – all you had to do was hover your mouse over a link to verify that you were going to be sent in the right direction. Now, attackers have found a way to exploit even that.
A new banking Trojan has been spreading and infecting users without them clicking on a link, just as they hover over them. Thus far, it’s been seen in a PowerPoint attachment with a hyperlink labeled “Loading…Please wait”, but it’s anticipated to branch out to other document types as well.
Newer versions of PowerPoint will open into protected view by default, and warn the user before the attack occurs…but the warning concerns an untrusted document, not malware. Unfortunately, these warnings happen almost every time an attachment is opened, and many people click through them without thinking.
In other words, you no longer need to click on the actual link, just placing your cursor over it to expose the URL is enough to launch the script and allow your computer to be infected. Oh, and then click through the same tired warning you’ve clicked through 100s of time before…
This is a first for an Office based attack: no real “action” needs to be taken by the user, just a mouse over to kick it off. And, even though this has only been seen in PowerPoint, we will most likely see similar attacks using Word or Excel.
In the past, we have recommended hovering over links to make sure they go where they claim to, but as always with cybersecurity, we have to adapt and protect ourselves and our clients from the constantly evolving threats. Now, more than ever, it’s important that we are cautious of what emails and attachments we open. If you have questions about something or you’re not sure – bring it to your organization’s security or IT experts before you do anything, or reach out to us. We’re happy to help, and it’s better to be safe than sorry!