This Is A First: Spear Phishing Attack Uses Compromised PowerPoint Slide Deck

Spread the love

Bad guys are exploiting the CVE-2017-0199 vulnerability to bypass endpoint security software and deliver the Remcos remote access Trojan via Microsoft PowerPoint decks.

This particular flaw in the Windows Object Linking and Embedding (OLE) interface is normally used to deliver infected RTF documents, but researchers at Trend Micro have spotted cyber criminals using it to compromise PowerPoint slide show files for the first time. Critically, since most methods of detecting the CVE-2017-0199 vulnerability focus on the RTF attack method, the use of the PPSX PowerPoint as an attack vector means attackers can code the malware to avoid antivirus detection.

Click here for reuse options!