PowerPoint Files Being Used To Take Over Computers

How the attack works

Attackers are embedding malware in PowerPoint files to hide malicious executables that can change Windows registry settings without the user’s knowledge. Usually the result is that unwanted programs are installed, but in more extreme cases ransomware may be installed as well. This is especially dangerous because PowerPoint is such a trusted program that users lower their guard when opening a file of this type. What makes the attack very hard to detect is an add-on feature within PowerPoint itself, which allows the malware to be cloaked inside a .ppam file.

Emails as a way of attack

This attack is usually carried out through email. The attacker mass-sends emails to unsuspecting users about purchases or other lies, trying to get them to open the file on their desktops so that the virus can install itself on the computer. Because the .ppam file type is very rarely used, most email virus scanners won’t detect it as an initial threat, which makes it that much more dangerous. It is quite frightening that even a file as seemingly innocent as a PowerPoint file can be used with malicious intent. Although this is one of the more recently found attacks, there have been numerous cases of professionally trusted programs being used to disguise malware: Microsoft Office, Google Docs and even Adobe Cloud have all had their share of cases. This makes it all the more important for users to be able to recognize phishing-type attacks and to have the proper protective measures in place so that malware does not get the chance to infect a user’s desktop system.

Protection from future attacks

Although there is never a way to be completely protected from attacks, especially ones that rely on phishing tactics, there are still some reliable ways to try to prevent them. The most effective is to stay informed about the attacks that are becoming popular and to recognize when a file seems malicious, but for obvious reasons that is not always possible. One popular way to defend against malware emails is to install a program that actively protects users by downloading emails into a sandbox and scanning for suspicious files before allowing users to interact with them. A simpler method that should always be used to protect oneself from phishing attacks is to check the validity of the sender of an unfamiliar email. If the email address looks suspicious, it is a good idea to double-check and verify that the sender of the email or message is who they say they are.
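
As an added illustration of the attachment scanning described above (this is not code from the original post or its references), the following Python example flags macro-capable PowerPoint attachments such as .ppam both by file extension and by content. The extension list, the function names and the sample email are assumptions constructed for this example.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Macro-capable PowerPoint OOXML types; .ppam is the add-in type the post describes.
MACRO_EXTS = {".ppam", ".pptm", ".ppsm", ".potm"}

def inspect_attachment(filename, data):
    """Return the reasons an attachment should be held for sandboxing (empty if none)."""
    reasons = []
    ext = os.path.splitext((filename or "").lower())[1]
    if ext in MACRO_EXTS:
        reasons.append(f"macro-capable PowerPoint type {ext}")
    # Look at content too: OOXML files are ZIP containers, and VBA code lives
    # in a part named vbaProject.bin, whatever the file is called.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            has_vba = any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        if has_vba:
            reasons.append("contains a VBA project")
            if ext not in MACRO_EXTS:
                reasons.append("macro content under a non-macro extension")
    return reasons

def triage(raw_message):
    """Map attachment filename -> reasons, for every flagged attachment in a raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons = inspect_attachment(part.get_filename(), data)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def fake_ooxml(with_vba):
    """Constructed stand-in for an Office file: a ZIP with placeholder parts only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if with_vba:
            zf.writestr("ppt/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

def build_sample():
    """Constructed test email with three attachments (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.test", "user@example.test", "Your purchase"
    msg.set_content("See attached.")
    for name, vba in (("order.ppam", True), ("slides.pptx", True), ("agenda.pptx", False)):
        msg.add_attachment(fake_ooxml(vba), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` flags `order.ppam` and the macro-bearing `slides.pptx` while leaving `agenda.pptx` alone; a mail gateway would hold flagged attachments for sandbox analysis rather than deliver them.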

28 Comments

  1. Great post!! Getting hacked through software like PowerPoint seems so simple but yet complex at the same time. After reading many blog posts including yours I have come to realize that hackers tend to hide phishing emails in the most commonly used platforms. In this way no one suspects a thing because they think they are safe. However, you prove that with advancements in technology nothing is safe anymore. A phishing email could be sent to anyone anywhere. So, we just need to be extra careful and install good antivirus software.

  2. I can see how an attack like this could be effective. Mass emails seem to be one of the classic ways of phishing. If you aren’t targeting a certain organization or person, a mass email delivers the message to as many people as possible. I’ve heard of Microsoft Word files being used to deliver malware, but never PowerPoints. I had never heard of .ppam files, and I would guess most casual office users are only familiar with .pptx files. As you said, an obscure file type is generally less likely to be detected by malware scanners, and I’d bet most people are less critical of them as well. As someone who has opened dubious “meme” PowerPoints and always exits safety mode in Microsoft Office because it’s inconvenient, I’d probably be pretty vulnerable to this type of attack if I wasn’t paying attention.

  3. Great post. Using common files such as PowerPoint presentations has started to become an increasingly common attack vector, and one that personally scares me, as all of my malicious file instincts fall apart when I see a file type that makes sense, and that I recognize. I can see lots of people falling for these sorts of phishing attacks, especially if they’re properly disguised by the attacker, and I’d also wager that if these attacks continue to succeed, we’d see this manner of attack being far more common. On the bright side, however, I can also see companies looking to patch out some of the access that this manner of common file-based attack can gain over a system, so that even if an attacker gains control, there wouldn’t be a whole lot that they can do. Yet they would have to strike a delicate balance between preventing attacks and not compromising the functionality of their system.

  4. Interesting post!
    Cybercriminals have been using a new technique involving PowerPoint files and mouseover events to get users to run arbitrary code and download malware on their computers. Malicious actors frequently use specially crafted Office files, particularly Word documents, to deliver malware. At this point, we should be careful and not mess with unknown links.

  5. Hi,

    Very interesting post! One question that came to mind reading your post was, is there a difference in the file size of the malicious files? I have had PowerPoint files that ended up very large with all the attachments, so it might not make a difference but could be an indication of a bad file. I wonder if Microsoft has a scanning tool similar to the one Google has when you open an attachment file from your email in Drive. If not, then I wonder if there is an argument that there should be. In regard to the email phishing, one of the dangerous “features” that used to be default on Chrome (maybe it still is) is “Run Downloaded Files”, which would, like the name suggests, run the files you download automatically after downloading.

  6. Nice post! It seems that such common files are so familiar to everyone, so they assume they’re innocent. I’d usually picture most phishing scams as a link to a fake website, but they’re just getting increasingly creative and unsuspecting. The only solution that really seems to be adequate would be to be aware of the different types of scams and to be extra careful to avoid them.

  7. This is a very interesting post. There are just so many ways that we have been discovering recently on how people have their information accessed by unwanted individuals. Something as routine and simple as downloading a PowerPoint is now a possible threat. The only thing we can do for the time being is follow the excellent advice you provided to ensure that there is less of a chance of this actually happening. Be careful with what you download!

  8. Great post! I didn’t know that PowerPoint files could be used to place harmful viruses in an individual’s computer. Like you said, a PowerPoint could be deemed innocent but it could be used for malicious reasons; it seems so harmless, yet it could be harmful. This is a great post for informing others about how something so simple can be so harmful. Thank you for your insightful post!

  9. Something absolutely new to me! Thanks for the post. I am surprised to learn that PowerPoint files are now even being used for malicious intent. People, especially those working in a business background or even researchers like us, often need to rely on presentations (ppt files), and it is quite normal to receive ppt files from colleagues, editors, journals, etc. whom we sometimes don’t even know in person. Most of the time, we just click on files to open them for review, but what I just got to know makes me think I should be cautious from now on, as it might lead to me being hacked and confidential data being stolen. It also makes me think that we should think thrice before clicking on any link or file, even if it seems to be sent from a known person.

  10. Interesting article, I do notice that it is often the case that scammers will use well known platforms, such as PowerPoint, for their scams… This definitely gives the scams the appearance of legitimacy.
    One thing that I have noticed in the very few scam emails that I have received is that no matter how legitimate looking they were, they never had the context needed to convince me that they were legitimate. For example, no, I do not have a colleague named “Chris” who is sending me slides for a presentation next Thursday, and no, I did not enter a draw for a free Florida vacation, so in these cases I know not to open anything inside the email, even if they are legitimate PowerPoint slides or any other legitimate file type. However, I can see the potential for danger if the hackers are able to impersonate or hack the email of someone you know, because in that case it makes it much more likely that you will open the attachments. Even if the email contains unexpected attachments, there is the danger that one will simply open them out of curiosity. (“Oh Bob sent me a PowerPoint, he’s never done that before, wonder what could be on it…”)

  11. Thanks for sharing! Hackers are definitely one of the most creative types of people. I’m wondering if, because it’s a .ppam file, it takes away Microsoft Office’s “protected view” feature? When I open a PowerPoint or Word document, I feel reassured that I’m first in the “protected view” before I begin to make changes to it or allow it access. I always thought this meant I had an extra layer of protection in case the file I opened had unwanted scripts and such. Your article has made me rethink how safe I think I am with PowerPoint files!

  12. That was an amazing post to read! Nowadays, fraudsters are starting to be smarter at inventing ways to gain access to information and personal data. As PowerPoints have become so common these days, hackers have tried to create ways to access information through files embedded in them. I myself use PowerPoint a lot and I also feel that it’s safe and secure, but after reading that post I should become more cautious. I agree with your point that to protect oneself from these kinds of attacks, we should keep track of new attacks and try to recognise them. Overall, it was a well-explained and interesting post to read. Thanks!

  13. Now, this was something I never heard before! But given that emails are the main approach to hacking unsuspecting individuals, identifying and verifying the email will be difficult. I may not be correct, but to help verify an email you can, for example, see if it matches a company you regularly receive emails from. However, these hackers will try to impersonate a company and they are often clever when doing this. It would be best to simply not open an email that is not what you are expecting (though they can impersonate an email you are expecting!). Gotta stay very vigilant for these emails and their malicious files!

  14. This was a really good article to read! Yeah, for me, I never suspected PowerPoint slides to be able to contain malware, but it makes total sense as PowerPoint is a program. I really enjoyed reading your section about how we can protect ourselves from such attacks. It is when we let our guard down that we become the most susceptible to being hacked. Going on a sketchy website or seeing an email from our so-called long-lost uncle makes us wary, but a PowerPoint is often overlooked, especially if the PowerPoint is attached with a convincing web page or marketing email. Once again, great article!

  15. It’s scary to think that programs a lot of us use probably quite often, such as not just PowerPoint but, as mentioned, also Microsoft Office, Google Docs and Adobe Cloud, could contain hidden malware to attack our systems. Like you said, the easiest way to defend against these is to double-check emails we do not recognize and not open them, but even these days some fake emails are getting more and more convincing.

  16. Interesting post. It’s pretty scary to think that such common and useful software like PowerPoint is being used for this purpose. PowerPoint is very popular software, especially among us students as we use it for many of our assignments. Hiding malware in PowerPoint is pretty smart since not many people would expect it. This and the many other examples of malware that I’ve seen in other blog posts just go to show how hacking is constantly evolving. We definitely need to be aware of such attacks and need to keep our guard up.

  17. This is very interesting! I didn’t know one could cause harm using PowerPoint. I also feel like with such documents/links that come from someone we trust, we are more likely to install sorts of malware onto our computers without realizing it. I was able to get my sister to open up a code I created (it wasn’t harmful, it just created popups on her screen once she clicked on the file), but the point is that if someone were to receive an email from someone trusted to open a file that is seemingly harmless but could cause a lot of damage, what kind of other precautions could we take?

  18. It’s intriguing to see how even PowerPoint files are susceptible to containing malware. Many people, including myself until now, tend to have this idea that as long as the file isn’t an executable, they’re probably safe. Reading your article has challenged this idea of mine and has also better informed me. I appreciate that.

  19. Great post!
    As far as I know, some kinds of macro viruses can be added to PowerPoint files. In this way, if these PowerPoint files are copied and pasted between computers, then the macro viruses in these files can infect computers easily. The anti-virus application used for the Windows system installed on my laptop can detect macro viruses in PowerPoint files automatically; it is called “Tencent PC Manager” (the link: https://guanjia.qq.com/). Unfortunately, I don’t think “Tencent PC Manager” has an English version.
    I agree with your points in your blog; this is why I prefer the lecture notes provided by instructors to be in PDF files rather than in PowerPoint files.

  20. Good Post! I can see how this particular type of attack can be rather effective (as other commenters have mentioned). PowerPoint is a very beginner-friendly software, and people (young and old) who are new to using it or are using it for the first time (however rare they may be nowadays) often trust PowerPoint and any of its associated files completely, due to its pre-installed nature. This means that phishing attacks launched as .ppam files can sneakily and easily infect one’s computer. I agree with the tips you provided as they would help defend against this type of sneaky attack.

  21. This is an interesting article; the phishing attacks seem to have improved more significantly than in previous years. I think these sorts of attacks are more clever as they essentially are embedding the malware into a more trustworthy source such as PowerPoint or Office software in general. The preventions you provide are pretty good as well.
