Cybercriminals hide malware in .ppam file
“In the constant battle between attackers and defenders, one certainty is that attackers will find new evasion techniques to bypass security software and other safeguards. In this instance, attackers have co-opted .ppam, an add-on file for Microsoft Powerpoint, to wrap malware within it. Now, finding ways around safeguards is just one part of the process. The other is convincing end-users to open such files on their systems. This is where social-engineering techniques come into play.
“There are a myriad of lures at the fingertips of cybercriminals. Be it purchase orders or invoices and delivery notifications designed to look legitimate. Some of the attachments included in such emails will exploit legacy vulnerabilities in Microsoft Office, while others rely on additional social engineering tactics, convincing users to enable Macro functionality within Microsoft Word, which will then download malicious payloads from external sources.
“It’s imperative for organisations to ensure they have the proper security solutions in place from gateway to endpoint to provide added layers of protection. For end-users, if you receive an email suspicious in nature, please notify your support or IT team to investigate.” – Satnam Narang, Staff Research Engineer, Tenable
