Attackers are using built-in emails with .ppam file attachments that hide malicious software that can rewrite Windows registration settings on targeted machines.
Attackers are using the radar-powered PowerPoint file to hide malicious objects that can rewrite Windows registration settings to control a user’s computer, the researchers found.
It is one of the most intriguing ways that intimidating actors have recently identified computer users with trusted applications that they use daily, using emails designed to avoid security detection and appear legitimate. A new study from Avanan, a Check Point company, found that a “lesser-known addition” to PowerPoint – a .ppam file – was used to hide malicious software. Jeremy Fuchs, a cybersecurity researcher and analyst at Avanan, wrote in a report published Thursday that the file contains bonus commands and custom macros, among other functions.
Read More: https://threatpost.com/powerpoint-abused-take-over-computers/178182/