Hovering Mouse Over Hyperlink Causes Malware Infection

hovering-mouse-over-hyperlink-causes-malware-infection photo 1

Whenever we surf the Internet in the back of your mind is always the thought "be careful what you click on." Malicious links lead to PC infections, ransomware, ID theft, and potentially an expensive repair bill. So we are all careful. But what if malware could be installed without requiring a mouse click? Turns out it can.

Security vendor Trend Micro recently discovered a new method of delivering malware that doesn't require a mouse click to trigger. Instead, the infection happens when the user's mouse pointer is hovered over a link placed in a PowerPoint presentation slide. The link can be attached to text or an image.

hovering-mouse-over-hyperlink-causes-malware-infection photo 2

How effective this malware download method is depends on the version of Microsoft Office you are running. Older versions will allow a malicious PowerShell script to run, which in turn installs a banking trojan (a variant of the OTLARD trojan). Newer versions will throw up a "potential security risk" warning before the script can execute. As long as the user clicks the Disable button the script won't execute, but there's every chance a user won't register the warning and in haste click enable instead.


  • xLED Malware Steals Data Using Router LEDsxLED Malware Steals Data Using Router LEDs

The good news is, it's quite difficult to allow an infection to happen due to the multiple steps involved. The user has to be supplied with the malicious PowerPoint file vie an email, convinced to open it, and then must mouse over the "Loading... please wait" text present on the included slide. Even then, if PowerPoint has Protected Mode enabled, which it is by default on more recent versions, the script cannot run. It also won't run if you're using PowerPoint Online or Office 365's web mode.

Although the risk is small in this instance, it's worth highlighting because mouse hover is now a new attack vector. We are used to hovering a mouse pointer over things waiting for more information to appear. What software developers now need to ensure is that hovering cannot be used maliciously to execute code and cause a machine infection.

Recommended stories

Add a Hovering Image Toolbar to Firefox

When you work with webpage images in Firefox you normally have to use the Context Menu to do anything with them. The Image Toolbar extension provides an extra toolbar to use when you hover your mouse over webpage images.

Relax Hovering Mouse Over Hyperlink Causes Malware Infection stories

More stories