New Malware Downloader Can Infect PCs Without A Mouse Click

An anonymous reader quotes Engadget: You think you're safe from malware since you never click suspicious-looking links, then somebody finds a way to infect your PC anyway. Security researchers have discovered that cybercriminals have recently started using a malware downloader that installs a banking Trojan to your computer even if you don't click anything. All it takes to trigger the download is to hover your mouse pointer over a hyperlink in a carrier PowerPoint file. According to researchers from Trend Micro and Dodge This Security the technique was used by a recent spam email campaign targeting companies and organizations in Europe, the Middle East and Africa. The emails' subjects were mostly finance-related, such as "Invoice" and "Order #," with an attached PowerPoint presentation. The PowerPoint file has a single hyperlink in the center that says "Loading... please wait" that has an embedded malicious PowerShell script. When you hover your mouse pointer over the link, it executes the script.
Trend Micro writes that "while the numbers aren't impressive, it can also be construed as a dry run for future campaigns, given the technique's seeming novelty," adding "It wouldn't be far-fetched for other malware like ransomware to follow suit."

No Clicks! Wow!

So, I receive a suspicious email, which I need to click on to open. That email contains a PowerPoint attachment, which I need to click on to open. Once done, I can be infected with a mouse-over rather than a click.

Zero-click malware. Meh.

Re:End user training.

[fyzikapan]

Every office worker? This is particularly nasty. You need one person to fall for it and stick the file on a SharePoint site or wherever. The rest is easy - people are conditioned to having to click the trust document button (or whatever it's called) every single time they open up an Office file. It's just a routine step in opening a file.