Wouldn’t it be scary if ransomware could be downloaded just by hovering over a link?
There have been reports of a new form of malware that can be installed by hovering your cursor over infected text. The trick is used by a variant of a trojan called OTLARD (also known as Gootkit).
The one saving grace here is we’re not talking about any old link on the internet. The infected links are specifically links embedded in Microsoft PowerPoint presentations. On older versions of PowerPoint, hovering over a link would load a preview. These versions of the software could be instructed to run a PowerShell script, which is how the malware reaches out to a server to install the trojan onto the device in question.
This comes with more good and bad news. The good news is that in newer versions of Office (starting with Office 2010), a feature called Office Protected View can be enabled that prevents scripts from running. The bad news is that it leaves anyone using an older version of PowerPoint (or a new one with Protected View disabled) vulnerable.
This threat affects PowerPoint links, which means there are versions/files of it that rely on email to be downloaded and opened. So what can you do? Keep training!
As a precaution, continue to discourage and train against downloading files and attachments from unknown sources. This malware currently only works in PowerPoint, so you can continue to hover over regular links online as a precaution.
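Alongside training, attachments can be screened for the hover trigger itself. The following is an added example, not code from the original post: it lists every mouse-over link in a presentation's slides and flags the ones that launch a program. The element name `hlinkMouseOver` and the `ppaction://program` action come from the Office Open XML format rather than from this page, and the sample archive is constructed for the demo.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

A = "{http://schemas.openxmlformats.org/drawingml/2006/main}"
R = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
REL = "{http://schemas.openxmlformats.org/package/2006/relationships}"
SLIDE = re.compile(r"ppt/slides/slide\d+\.xml")

def _parse(data):
    # Office XML parts never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in data:
        raise ValueError("unexpected DTD in presentation part")
    return ET.fromstring(data)

def find_hover_actions(pptx):
    """Return (slide part, action, resolved target) for each mouse-over link."""
    findings = []
    with zipfile.ZipFile(pptx) as z:
        names = set(z.namelist())
        for part in sorted(n for n in names if SLIDE.fullmatch(n)):
            rels_part = part.replace("slides/", "slides/_rels/") + ".rels"
            rels = {}
            if rels_part in names:
                for rel in _parse(z.read(rels_part)).iter(REL + "Relationship"):
                    rels[rel.get("Id")] = rel.get("Target", "")
            for el in _parse(z.read(part)).iter(A + "hlinkMouseOver"):
                target = rels.get(el.get(R + "id", ""), "")
                findings.append((part, el.get("action", ""), target))
    return findings

def is_suspicious(action, target):
    """Flag hover actions that start a program or mention PowerShell."""
    return action.lower().startswith("ppaction://program") or "powershell" in target.lower()

def build_constructed_sample():
    """Constructed two-part archive for the demo; not a valid presentation."""
    ns = 'xmlns:a="%s" xmlns:r="%s"' % (A[1:-1], R[1:-1])
    slide = '<sld %s><a:hlinkMouseOver r:id="rId2" action="ppaction://program"/></sld>' % ns
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId2" '
            'Target="CONSTRUCTED-PLACEHOLDER-TARGET"/></Relationships>' % REL[1:-1])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for part, action, target in find_hover_actions(build_constructed_sample()):
        print(part, action, target, "SUSPICIOUS" if is_suspicious(action, target) else "ok")
```

`find_hover_actions` accepts a file path or file-like object, so it can be pointed at a quarantined `.pptx` or `.ppsx` attachment; ordinary hover links that jump to a slide or a web page are listed but not flagged.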