Hackers are becoming more and more innovative when it comes to finding ways to infect your computer. This time, you could get infected if you so much as hover your mouse over a link embedded in a malicious PowerPoint file.
According to security firm Trend Micro, this technique is employed by a Trojan downloader which has been uncovered in a recent spam email campaign in the EMEA region, particularly organizations across the United Kingdom, the Netherlands, Sweden, and Poland.
“The Trojan downloader we monitored and analyzed had a variant of OTLARD banking Trojan as payload (TROJ_ OTLARD.TY). OTLARD, also known as Gootkit, emerged as early as 2012 and soon evolved into an information-stealing Trojan with persistence, remote access, network traffic monitoring, and browser manipulation capabilities. In fact, OTLARD/Gootkit was used in a spam campaign in France last 2015, whose spammed messages masqueraded as a letter from the French Ministry of Justice,” Trend Micro researchers state.
Gootkit is known for stealing credentials and bank account information from victims across Europe. Usually, its operators use malware-laced macros hidden in documents to deliver the payload, but this type is a completely new method.
Potential test run
This particular spam campaign reached a peak on May 25 with 1,444 detections, dropping to half the next day and dying down by May 29. This may very well have been a test run for the attackers, trying out the new technique.
Researchers are particularly worried about this new recipe being used for other types of malware, like ransomware.