Background:
A novel hack called “Hover with Power” allows an attacker to create a mouse-over in a PowerPoint file which would trigger the download of malware when a user hovers over a link in the presentation. Utilizing an element of social engineering, the user would then have to accept a pop-up dialogue box to run or install the program. The executable file can also be run from a remote server by using the ‘HyperLink To” action. This attack affects .ppsx files which are designed to play presentations and can’t be edited.
Impact:
- Allows remote content editing and reading
- May install malicious software on the system
Recommendation:
- Practice good computing habits
- Be cautious when clicking on links, opening unknown files or accepting file transfers
- Delete or ignore emails from suspicious senders
- Read the file format extension carefully to spot malware files
- Update your operating system
- Update antivirus and all applications
- Make sure security settings are in place:
- Firewall is ON
- Always ON User Access Control to notify when apps try to make changes on the computer