Mouseover On PowerPoint File Can Now Trigger Deadly Trojan Virus; WannaCry Lookalike Ransomware Hits Android Phones!


Trojan Virus

If you thought that clicking a virus-infected file is the only way to trigger a virus, then think again.

Hackers have now developed a deadly Banking Trojan, which gets triggered when the user simply hovers the mouse over a PowerPoint file attached to an email.

Discovered by TrendMicro, this new and ‘innovative’ form of Trojan is usually sent via email to corporate employees, with a tempting subject line such as ‘Order # Delivered’ or ‘Invoice Is Unpaid’. Attached to the email is a PowerPoint file infected with the Trojan virus.

If the receiver, out of curiosity, simply hovers the mouse over the file, the Trojan is immediately triggered, infecting the computer and, if not detected, subsequently the network.

TrendMicro said on their blog: “This technique is employed by a Trojan downloader (detected by Trend Micro as TROJ_POWHOV.A and P2KM_POWHOV.A)”

As per the analysis done, such Trojans were detected in spam emails sent to corporate email addresses across the UK, Poland, the Netherlands and Sweden.

Some of the most common industries being affected currently are: manufacturing, device fabrication, education, logistics, and pyrotechnics.

Thankfully, these mouse-hover-powered Banking Trojans peaked on May 26th, after which the number of cases declined. But TrendMicro has warned that the hackers may unleash a new wave of such Trojans at any time. If a newer version of MS Office is being used, there will be a prompt asking whether to allow the file to run the script.

Hence, think twice before hovering the mouse over any suspicious-looking email attachment.

WannaCry Lookalike Ransomware Hits Android Phones

WannaCry ransomware, which wreaked havoc on 300,000+ computers across 150 countries within 72 hours last month, has certainly created a fan base among hackers.

Chinese Android phones are right now being hit by a WannaCry lookalike ransomware called WannaLocker. Spotted by Chinese security firm Qihoo 360 and analysed by Avast, this new ransomware is primarily being spread across Chinese gaming forums, disguised as a plugin for the ‘King of Glory’ game.

This ransomware uses AES encryption, hides its app icon from the app drawer, and changes the wallpaper of the infected Android phone to an anime image. Interestingly, in order to avoid crashing the Android OS, it doesn’t encrypt files whose names start with “.”, files which have “DCIM”, “download”, “miad”, “Android” or “com.” in the path, or files which are bigger than 10 KB.

Nikolaos Chrysaidos, head of mobile threat intelligence and security at Avast, explained more about this ransomware by saying, “The ransomware then demands a ransom of 40 Chinese Renminbi, which is equivalent to about 5-6 US dollars. This is not much compared to what other mobile ransomware has demanded in the past.”

Another interesting fact: Unlike WannaCry, the ransom is not demanded in bitcoins, but in regular currencies using platforms such as Alipay, QQ and WeChat.

Avast has given security advice: “To protect your phone and valuable photos, videos, contacts stored on it from ransomware, make sure you frequently backup your data and install antivirus on all of your devices.”
