If someone thinks that it's enough for me to open files from unknown sources and do not click on links to stay away from viruses, they are wrong. Researchers of information security found that cybercriminals began to use malicious application loaders, which install a banking Trojan on the computer without a single mouse click. For downloading, just hover over the hyperlink in the PowerPoint file.

Experts from Trend Micro and Dodge This Security found that this method is used in a recent email spam campaign. The goal is companies in Europe, the Middle East and Africa. The title of the letter is usually associated with financial affairs, the attached file is a presentation in PowerPoint.

In this file there is one hyperlink, which says "Loading. Please wait ». Inside the built-in malicious PowerShell script. If you drag the mouse over the hyperlink, the script is launched. If you have a modern version of Microsoft Office installed on your computer, the user must allow the download of malicious code before it reaches your computer. Modern versions of Office have a Protected View protection mechanism that displays a warning window about a potential security risk when the script starts.

It is enough to click on the "Disconnect" button and the threat will be fixed. Otherwise, the bootloader can install the Trojan on the computer to steal information about bank accounts.

Fortunately, the company spreading spam came to naught on May 29, its peak occurred on May 25, when Trend Micro recorded 1444 cases. It is possible that this was just a trial run and larger attacks are yet to come. For this reason, you should stay away from such emails and do not run the files contained in them.