A vulnerability in the Windows Object Linking and Embedding (OLE) interface is being exploited by cybercriminals through Microsoft PowerPoint files in order to install malware.
According to a report by security firm Trend Micro, this interface is commonly exploited using malicious Rich Text Format (RTF) documents. The new discovery, however, takes advantage of PowerPoint slideshow files.
As is so often the case, it all begins with a phishing email carrying an attachment. The message appears to be some sort of order request, with the attached file supposedly containing shipping details.
Looking closely, the attached document is a PPSX file, a PowerPoint format that opens straight into slideshow playback instead of the editing view. Should the recipient download and open it, the only visible content is the text ‘CVE-2017-8570’, a reference to a different Microsoft Office vulnerability.
Instead, the file triggers an exploit for CVE-2017-0199 and begins infecting the host machine, with the malicious logic set off through PowerPoint animations. A file called ‘logo.doc’ is then downloaded.
The malware delivered through this chain is Remcos, a remote access tool (RAT). Remcos can record keystrokes, take screenshots, record video and audio, and download additional malware. It can also give the attacker full control of the infected machine.
To make matters worse, the malicious file is wrapped in an unidentified .NET protector, which makes it harder for security researchers to analyse. Ultimately, because existing detections for CVE-2017-0199 focus on RTF documents, delivering the exploit inside a PowerPoint file lets attackers slip past signature-based antivirus detection.
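The detection gap described above is avoidable if the scanner keys on the mechanism rather than the file extension. CVE-2017-0199 exploits rely on an OLE link object whose target is fetched from a remote location when the object is activated, and in an Office Open XML package (PPSX, PPTX, DOCX, XLSX are all zip containers) a linked OLE object is recorded in the part's relationship file, for example ppt/slides/_rels/slide1.xml.rels, as a Relationship with TargetMode="External". The following scanner is an added example and is not code from the article or from Trend Micro; it generalises beyond the PPSX case to any OOXML container. The sample package, the URL and the file names it contains are constructed for the demonstration and are not indicators from the report.

```python
"""Scan OOXML containers (PPSX/PPTX/DOCX/XLSX) for externally linked OLE objects.

Added example, not from the Trend Micro report or the article. Linked (as
opposed to embedded) OLE objects appear in a part's .rels file as a
Relationship of type .../relationships/oleObject with TargetMode="External";
that is the trait a CVE-2017-0199-style lure needs regardless of whether the
container is an RTF document or a PowerPoint slideshow.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
)
LAYOUT_REL_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout"
)
REMOTE_SCHEMES = {"http", "https", "ftp", "file"}


def find_external_ole_links(data: bytes):
    """Return [(rels_part, rel_id, target), ...] for every OLE relationship whose
    target lives outside the package. Raises ValueError if data is not a zip."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("not an OOXML package (not a zip archive)") from exc
    with zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # malformed part: skip it but keep scanning the rest
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") != OLE_REL_TYPE:
                    continue
                target = rel.get("Target", "")
                scheme = urlparse(target).scheme.lower()
                # TargetMode="External" is the tell for a linked object; a remote
                # URL scheme without it is flagged too, as Office resolves it anyway.
                if rel.get("TargetMode", "").lower() == "external" or scheme in REMOTE_SCHEMES:
                    findings.append((name, rel.get("Id"), target))
    return findings


def build_sample_ppsx(ole_target: str, external: bool = True) -> bytes:
    """Construct a minimal PPSX-like package with one slide whose OLE object
    relationship points at ole_target. Only the parts a scanner inspects are
    included, so PowerPoint would not open this; it exists to exercise the scan."""
    mode = ' TargetMode="External"' if external else ""
    slide_rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{LAYOUT_REL_TYPE}" Target="../slideLayouts/slideLayout1.xml"/>'
        f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" Target="{ole_target}"{mode}/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        )
        zf.writestr(
            "ppt/slides/slide1.xml",
            '<?xml version="1.0"?><p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main"/>',
        )
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", slide_rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: the OLE object is a link to a remote document (made-up URL).
    lure = build_sample_ppsx("http://example.invalid/logo.doc")
    # Constructed benign deck: the OLE object is embedded inside the package.
    benign = build_sample_ppsx("../embeddings/oleObject1.bin", external=False)
    for label, pkg in (("lure", lure), ("benign", benign)):
        hits = find_external_ole_links(pkg)
        print(f"{label}: {'SUSPICIOUS' if hits else 'clean'} {hits}")
```

Because the check reads the package structure rather than trusting the extension, the same function covers a PPSX renamed to PPTX or a DOCX carrying the same kind of link; an RTF sample is rejected up front as "not a zip" and would need the separate RTF-oriented checks the article says most detections already have.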
Trend Micro does note, however, that Microsoft already patched CVE-2017-0199 in April 2017, so systems with current updates applied are protected against this exploit.
All things considered, cases like this emphasize the need for caution when downloading not just email attachments but anything from the internet. Keeping software up to date is also recommended, since it blocks known exploits like this one before they can compromise your systems.