Just hovering your computer mouse over a hyperlink can get your computer infected


In a new kind of attack, cybercriminals are infecting computers with a banking Trojan simply by fooling users into hovering over a link embedded in a malicious PowerPoint file.

Attackers are sending malicious PowerPoint Show (PPS) or Open XML Slide Show (PPSX) files to users via spam emails. These files open only in slideshow mode and are different from normal PowerPoint files (PPT and PPTX). When the targeted user downloads and opens such a file, a slide containing the hyperlink shown below is displayed.


Fig 1

If the user hovers their mouse over this link, it tries to execute code which installs a banking Trojan on the computer. Users who have the ‘Protected View’ feature turned ON (newer versions of Windows) receive a security warning (Fig 2) with ‘Enable’, ‘Enable All’, and ‘Disable’ options. Clicking on ‘Enable’ or ‘Enable All’ executes the malicious code, which ultimately infects the computer with the Trojan. Clicking on ‘Disable’ stops the malicious code from executing.

Therefore, users with older versions of Windows or those who do not have ‘Protected View’ turned ON are the most vulnerable to this infection. Simply hovering over the link will infect their computer without any notice.

Once installed, this banking Trojan can allow the attacker to control the infected computer remotely, access stored information and perform a host of other malicious activities.

Fig 2

How Quick Heal helps
Quick Heal offers multilayered protection against this attack.

– Quick Heal detects this malware as JS.Nemucod.DSG.

– Quick Heal Web Security detects and blocks the malicious link which is responsible for downloading the malware.

Fig 3

– Quick Heal Virus Protection detects the malicious Slide Show (PPSX) file as OLE.PS.Downloader.2352

Fig 4

Security measures you must take
1) On receiving any security prompts, such as the one above, it is safer not to proceed. You can always consult a computer expert if you are not sure about what to do.
2) Never click on links or download attachments that come with unexpected, unwanted or unknown emails.
3) Install antivirus software that offers layers of protection. This helps detect and block such threats on multiple levels. Keep the software up to date.
4) Apply all recommended security updates (patches) to your operating system and to programs such as Adobe, Java, Internet browsers, etc.
5) It is always a good security practice to keep a secure backup of your important data.
6) Use strong and unique passwords for your online accounts.



Subject Matter Expert

  • Anita Ladkat | Quick Heal Security Labs


  1. Mithun Bhattachariya, June 28, 2017 at 2:50 PM

    I cannot update your product from the update options. It takes a long time, but there is no response.
    How do I do it?

    • Rajiv Singha, June 29, 2017 at 7:42 PM

      Hi Mithun,

      Thank you for writing in. Our support engineers would gladly help you with this issue. Please call us on our toll-free no. 1800-121-7377 or visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.

      Team Quick Heal

  2. bhubaneswar gungah, June 28, 2017 at 6:30 PM

    Thanks for the awareness.