A new attack tactic dubbed “mouseover” takes advantage of one of the most common actions taken by end users to infect machines with malware.
Researchers at Trend Micro have spotted the new attack technique which relies on users to hover over hyperlinked text and images in a Microsoft PowerPoint presentation to activate a Trojan, according to a Trend Micro blog post.
Researchers have spotted the same Trojan downloader in a spam email campaign in the EMEA region, impacting organizations in the manufacturing, device fabrication, education, logistics, and pyrotechnics industries. The “TROJ_POWHOV.A” Trojan is believed to be a variant of the OTLARD banking Trojan, an information-stealing Trojan that first appeared in 2012.
“Variants of OTLARD are also known to compromise websites via malicious iframe code,” Trend Micro Threat Analysts Rubio Wu and Marshall Chen wrote. “It downloads command modules containing the targeted website and its FTP credentials, which are then used to gain access to the website.”