Another round of malware is hitting corporate computers, media in the U.K. said Monday (June 5), with attackers disguising the malicious attack as a Microsoft PowerPoint presentation.
Reports in International Business Times said the files are being sent as “order&prsn.ppsx” or “order.ppsx” or “invoice.ppsx” as an attachment on emails. The subject line reads “RE:Purchase orders #69812” or “FWD:Confirmation.”
The malware attack has all the hallmarks of a Business Email Compromise scam, which often disguises itself as a seemingly legitimate email in an effort to get a professional in the workplace to open the email, subsequently downloading the malware virus.
Even if recipients hover over the link in the fake PowerPoint email, reports said, their computer gets infected with the malware virus. The email reportedly includes a zip file as an attachment which, if opened, actually contains a PowerPoint.
But genuine PowerPoint files are PPTX, not PPSX, as the malicious malware virus emails use. When clicked on, the file opens to a blank page with the words “Loading Please Wait.” Reports said this is the malicious link that includes malware virus.
Microsoft is reportedly aware of the attack and noted that users should deploy Windows Defender and Office 365 Advanced Threat Protection, which will remove the malware virus. But those without these protections should not open suspicious emails.
The Business Email Compromise is a common tactic of cybercriminals posing as legitimate executives, corporate partners or suppliers in an effort to get recipients to open the email.
Microsoft is a favorite target for cybercriminals. WannaCry, the ransomware that infected corporate computers the world over this year, targeted devices running Microsoft, taking advantage of the ability to spread within a network because of Microsoft cybersecurity vulnerabilities, analysts said.