• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
WebSetNet

WebSetNet

Technology News

  • Technology News
    • Mobile
    • Games
  • Internet Marketing
  • System Admin
    • Windows
    • Linux
    • Mac & Apple
    • Website Scripts
      • Wordpress

Zusy PowerPoint Malware does not need Macros to spread

August 5, 2020 by Martin6

 

Malware often comes in a package that looks harmless. As soon as the victim clicks on it, malware starts spreading like an open can of worms and takes control of the victim’s PC. Typically, in such attacks, when the user enables the Macros, the malware gets executed. However, it seems the new malware doesn’t even require the macros packaging for it to spread. One of such latest threat is Zusy PowerPoint Malware. As the name suggests, this malware spreads through PowerPoint attachments.

Malware

Office Macros are basically small bits of code written in Visual Basic (VBA), that allow you to carry out select repetitive tasks. They are useful by themselves, but many a times malware writers misuse this functionality to introduce malware into your computer system.

A Macro virus is a virus that takes advantage of Macros that run in Microsoft Office applications such as the Microsoft Word, PowerPoint or Excel. Cyber criminals send you a macro-infested payload or a file which will later on download a malicious script, via email and use a subject line that interests or provokes you into opening the document. When you open the document, a macro runs to execute whatever the task the criminal wants.

Zusy PowerPoint Malware

As reported by SentinelOne Labs, Zusy PowerPoint Malware is spreading as a PowerPoint file attached to spam emails with titles like “Purchase Order #130527” and “Confirmation”. As mentioned before, this malware doesn’t require the user to enable macros to execute. Most Office malware need users to activate the macros to download some executable payload, which does most of the malicious stuff. However, Zusy PowerPoint Malware uses an external program feature to spread its malicious activities.

SentinelOne Labs gives the sample details of the Zusy Malware. These are as follows:

Sample SHA256es:

  • PowerPoint dropper: 796a386b43f12b99568f55166e339fcf43a4792d292bdd05dafa97ee32518921.
  • First-stage JSE payload: 55821b2be825629d6674884d93006440d131f77bed216d36ea20e4930a280302
  • Second-stage EXE payload 55c69d2b82addd7a0cd3bebe910cd42b7343bd3faa7593356bcdca13dd73a0ef

Their report also mentions how Zusy malware works:

When the user opens the malicious PowerPoint file, it shows a screen with a single link that says “Loading…Please wait”:

When the user hovers over the URL the malware comes into action. Only hovering causes PowerPoint to execute an external program. SentinelOne Labs mentions, it’s powershell plus a small script which downloads an additional payload.

But, the malware doesn’t start spreading or even the code doesn’t execute automatically as soon as the file is opened. Users get a severe warning from both Office 2013 and Office 2010 by default. The malware comes into action only when users enable external programs; because they’re lazy, in a hurry, or they’re only used to blocking macros. Also, some configurations may possibly be more permissive in executing external programs than they are with macros.

The interesting part is the PowerPoint viewer doesn’t seem to be vulnerable at all because it refuses to execute the program. The Zusy PowerPoint Malware gets executed through a shell command.

SentinelOne Labs is still investigating this malware in more details. Users are suggested not opening any unknown or suspicious Office attachment to avoid the attack of any such malware. For more information on Zusy PowerPoint Malware, read the report by SentinelOne Labs.

Source

Related posts:

  1. 14 PowerPoint Presentation Tips to Make More Creative Slideshows [+ Templates]
  2. How to Record a Macro in Excel
  3. Managing Macro Security in Office 2016
  4. How to Insert a PDF into PowerPoint
  5. SlideModel Review, Free Account, Business Power Point (2019)
  6. Sophisticated new Android malware marks the latest evolution of mobile ransomware
  7. 5 Infographics to Teach You How to Easily Make Infographics in PowerPoint [Free Templates]
  8. Attacker uses tricky technique of Excel 4.0 in Malspam campaign
  9. How to Add Speaker Notes in PowerPoint
  10. Zusy Malware: Malicious Attack Installs Via Mouseover

Filed Under: Uncategorized

Primary Sidebar

Trending

  • How to fix Windows Update Error 80244019
  • Windows 10 Update keeps failing with error 0x8007001f – 0x20006
  • How To Change Netflix Download Location In Windows 10
  • Troubleshoot Outlook “Not implemented” Unable to Send Email Error
  • How do I enable or disable Alt Gr key on Windows 10 keyboard
  • How To Install Android App APK on Samsung Tizen OS Device
  • 3 Ways To Open PST File Without Office Outlook In Windows 10
  • FIX: Windows Update error 0x800f0986
  • How to Retrieve Deleted Messages on Snapchat
  • Latest Samsung Galaxy Note 20 leak is a spec dump revealing key features
  • Install Android 7.0 Nougat ROM on Galaxy Core 2 SM-G355H
  • 192.168.1.1 Login, Admin Page, Username, Password | Wireless Router Settings
  • Websites to Watch Movies Online – 10+ Best Websites Without SignUp/Downloading
  • How to Backup SMS Messages on Your Android Smartphone
  • How to delete a blank page at the end of a Microsoft Word document
  • Fix: The Disc Image File Is Corrupted Error In Windows 10
  • Android 11 Custom ROM List – Unofficially Update Your Android Phone!
  • Samsung Galaxy Z Fold 3 could be scheduled for June 2021, with S Pen support

Footer

Tags

Amazon amazon prime amazon prime video Apple Application software epic games Galaxy Note 20 Galaxy S22 Plus Galaxy S22 Ultra Google Sheets headphones Huawei icloud Instagram instant gaming ip address iPhone iphone 12 iphone 13 iphone 13 pro max macOS Microsoft Microsoft Edge Mobile app office 365 outlook Pixel 6 Samsung Galaxy Samsung Galaxy Book 2 Pro 360 Samsung Galaxy Tab S8 Smartphone speedtest speed test teams tiktok Twitter vpn WhatsApp whatsapp web Windows 10 Windows 11 Changes Windows 11 Release Windows 11 Update Windows Subsystem For Android Windows 11 Xiaomi

Archives

  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org