Security is always a worry when surfing the web – even more so nowadays when considering large-scale attacks such as the WannaCry ransomware. If you click on the wrong link, you might find your computer infected, held hostage, or worse. However, a new kind of malware makes this threat even scarier; it can be installed on your PC without a single click, needing you to simply hover your cursor over the infected link.
Tend Micro, a security vendor, recently discovered this malware method inside a PowerPoint presentation slide. The malicious link can be attached to either text or an image. The effectiveness of this link is dependent on the version of Microsoft Office you are running; the newer version will pop up a “potential security risk” warning before the script can run, whereas the older ones will allow it automatically. On the newer version, the user then has the option to disable the script.
Despite the nefarious nature of this malware, it’s still difficult to become infected. According to PC Mag, “The user has to be supplied with the malicious PowerPoint file via an email, open it, and then mouse over the ‘Loading… please wait’ text present on the included slide. Even then, if PowerPoint has Protected Mode enabled, which it is by default on more recent versions, the script cannot run. It also won’t run if you’re using PowerPoint Online or Office 365’s web mode.”
Although this particular attack isn’t all that worrying, it’s the method that is making people nervous. It’s in the nature of many internet users to hover a link to learn new information, and now that previously safe method could become compromised. Now is a better time than ever to check your computer’s security.