Researchers have found that cyber attackers are actively using malicious PowerPoint files to take over computers. They are sending socially engineered emails with .ppam file attachments that hide malware. This malware can rewrite Windows registry settings on targeted machines. This malware can is designed to evade security detections of the computer and appear legitimate.
A new report published by researchers from Avanan, a Check Point company, has uncovered this attack in detail. Attackers are using a ‘little-known add-on’ in PowerPoint – the .ppam file. The email attachment looks legitimate but includes a malicious executable.
The malware hidden in the attachment can install new programs, change file attributes, or dynamically call imported functions. This malware can also bypass a computer’s existing security including Google’s malware scanner. This is because the file is rarely used.
This is not the first time attackers are using a .ppam file for cyber attacks. Back in October, cybersecurity portal PCrisk reported a ransomware attack that used the .ppam file
If you do not want to fall into this trap, enable the protection that inspects downloads for malicious content or executed them in a sandbox. You should also avoid opening attachments of emails sent from unknown senders. Corporate users must take extra care while opening an email from an unknown sender. A malicious attachment can put the whole company into trouble.
