We have gotten used to the malware samples that base their distribution on recognized and examined strategies. But what happens when viruses are modernized and uncharted methods for their transmission are tracked down?
Security researchers face a brand-new challenge which is explored by a very limited circle of hackers. Most of the Internet community are still adjusting to the common malware-transmission techniques, but now, another method should be discussed.
We first encountered Zusy malware back in the 2012 and its activity has slightly different over the years. We indicated it as “tiny but deadly” in our original article. Its main objectives were to steal users’ personal information and credentials that would help crooks access online banking accounts. Now, an old malware wolf is trying out new slopes and gaining attention with a novel distribution technique.
The explorers of new hacking-strategies commence a malicious spam campaign which will transmit the tricky payload. It has been determined that the infectious file is a PowerPoint executable which does use the usual technique to compromise users’ safety. It has been indicated that opening the presentation is close enough. Users will be informed that the file is “Loading… Please wait” and this is the moment that the Zusy malware has a chance to get implanted into an operating system. If you move your mouse over on the indicated statement, the PowerPoint will run Powershell. This process will end with a secretive infiltration of a payload of Zusy, placed in the Temp folder.
Crooks know that cautious users have been warned that they should move mouses over to links and check the actual location that it will lead. As it appears, this trick is no longer liable as this insignificant action can result in an infiltration of malware. Therefore, by following orders from security researchers, you can unknowingly become a victim of a little-known strategy.
Currently, security researchers doubt that this might become the “new big thing”. While this strategy is new, it appears to be easily blocked. For instance, if you are using a newer PowerPoint version, you will be warned about a possible malicious activity. If you have hovered with your mouse on links that were found in PP presentations, we suggest you to check if you do not have a guest named Zusy. This unwelcome bug will certainly be honored to receive the delight of collecting information about you.
Lastly, we advise you to keep yourself updated with every recently-detected strategy for malware distribution. Spam campaigns, distributing Zusy malware, have indicated to a send emails with deceptive titles. You could be asked to confirm a purchase or a similar action.
Source: dodgethissecurity.com