[ALERT] ADVISORY ON “HOVER WITH POWER” ATTACK VIA POWERPOINT FILES

Submitted by irteam on Mon, 04/13/2020 - 14:52

Background Description:

A novel technique called “Hover with Power” allows an attacker to create a mouse-over action in a PowerPoint file that triggers the download of malware when a user hovers over a link in the presentation. The attack relies on an element of social engineering: the user still has to accept a pop-up dialogue box before the program is run or installed. The executable file can also be run from a remote server by using the “HyperLink To” action. This attack affects .ppsx files, which are designed to play presentations and can’t be edited.

Impact:

  • Allows remote content editing and reading 
  • May install malicious software on the system

Recommendation:

  • Practice good computing habits 
  • Be cautious when clicking on links, opening unknown files or accepting file transfers  
  • Delete or ignore emails from suspicious senders 
  • Check the file extension carefully to spot malware files
  • Update your operating system  
  • Update antivirus and all applications 
  • Make sure security settings are in place: 
    • Firewall is ON
    • User Account Control (UAC) is always ON, so you are notified when apps try to make changes on the computer
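
The mouse-over action described in the background section is stored inside the presentation file itself, so a received .ppsx can be inspected before anyone opens it. The following is an added example, not part of the original advisory: it assumes the standard Office Open XML package layout (slide parts under `ppt/slides/` with a matching `_rels` part) and uses the DrawingML element names `hlinkHover` and `hlinkMouseOver`, which come from the file format specification rather than from this page. The sample package and its placeholder target are constructed for the demonstration.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# DrawingML mouse-over hyperlinks: hlinkHover (shapes), hlinkMouseOver (text runs).
HOVER_TAGS = {f"{{{A_NS}}}hlinkHover", f"{{{A_NS}}}hlinkMouseOver"}

def scan_hover_actions(data: bytes) -> list:
    """Return one finding per mouse-over hyperlink in any slide part."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())
        slides = sorted(n for n in names
                        if n.startswith("ppt/slides/slide") and n.endswith(".xml"))
        for part in slides:
            rels = {}  # relationship Id -> (Target, is_external)
            rels_part = posixpath.join("ppt/slides/_rels", posixpath.basename(part) + ".rels")
            if rels_part in names:
                for rel in ET.fromstring(pkg.read(rels_part)).iter(f"{{{REL_NS}}}Relationship"):
                    rels[rel.get("Id")] = (rel.get("Target"), rel.get("TargetMode") == "External")
            for el in ET.fromstring(pkg.read(part)).iter():
                if el.tag in HOVER_TAGS:
                    target, external = rels.get(el.get(f"{{{R_NS}}}id"), (None, False))
                    findings.append({"part": part, "action": el.get("action"),
                                     "target": target, "external": external})
    return findings

def build_sample() -> bytes:
    """Constructed test package: one slide part with a hover link, not a real deck."""
    slide = ('<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A_NS}" xmlns:r="{R_NS}"><p:cNvPr id="2" name="Title">'
             '<a:hlinkHover r:id="rId2"/></p:cNvPr></p:sld>')
    rels = (f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId2" '
            f'Type="{R_NS}/hyperlink" Target="https://example.invalid/placeholder" '
            'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_hover_actions(build_sample()):
        print(finding)
```

A finding is a reason to review the file, not proof of malice, since legitimate presentations can also use hover links. When scanning untrusted attachments at scale, parse the XML with a hardened parser such as defusedxml instead of the standard library parser used here.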