Several cybersecurity researchers noticed the new technique, and dodgethissecurity published an extensive analysis. The information security blog reported that an attack begins when the target receives an email with a PowerPoint document attached.
When the presentation is opened, the target sees a “Loading….Please Wait” message, which appears in blue like many hyperlinks. When the victim follows the natural inclination to hover the cursor over the “hyperlink” to check where it leads, the document executes a PowerShell command.