Banking trojan executes when targets hover over link in PowerPoint doc
Found on Ars Technica on Friday, 09 June 2017

The method—which was used in a recent spam campaign that attempted to install a bank-fraud backdoor alternately known as Zusy, OTLARD, and Gootkit—is notable because it didn't rely on macros, Visual Basic scripts, or JavaScript to deliver its payload.
Instead, the delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped hyperlink embedded in the attached PowerPoint document.
Why on earth would you even consider directly linking dubious content against a shell?
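
A defender-side check for the delivery technique described above, as an added example that is not from the article: it lists mouse-over hyperlink actions in a .pptx and flags those that launch a program. The element and attribute names (`a:hlinkMouseOver`, `ppaction://program`) come from the Office Open XML format rather than from this page, and the sample archive is constructed with a placeholder target.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser

A = "http://schemas.openxmlformats.org/drawingml/2006/main"
R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG = "http://schemas.openxmlformats.org/package/2006/relationships"

def find_hover_actions(pptx_bytes):
    """Return (part, action, relationship target) for every mouse-over hyperlink."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        names = set(z.namelist())
        # Slides, layouts and masters can all carry hyperlink actions.
        for part in sorted(n for n in names if n.startswith("ppt/") and n.endswith(".xml")):
            # Relationship ids are resolved in the sibling _rels/<part>.rels file.
            rels_part = posixpath.join(posixpath.dirname(part), "_rels",
                                       posixpath.basename(part) + ".rels")
            targets = {}
            if rels_part in names:
                for rel in ET.fromstring(z.read(rels_part)).iter(f"{{{PKG}}}Relationship"):
                    targets[rel.get("Id")] = rel.get("Target", "")
            for link in ET.fromstring(z.read(part)).iter(f"{{{A}}}hlinkMouseOver"):
                rid = link.get(f"{{{R}}}id")
                findings.append((part, link.get("action", ""), targets.get(rid, "")))
    return findings

def is_program_launch(finding):
    """A hover action that starts a program rather than following a link."""
    return finding[1].lower().startswith("ppaction://program")

def build_sample():
    """Constructed sample: two parts only, not a complete presentation."""
    slide = (f'<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             f'xmlns:a="{A}" xmlns:r="{R}"><a:rPr>'
             f'<a:hlinkMouseOver r:id="rId2" action="ppaction://program"/></a:rPr></p:sld>')
    rels = (f'<Relationships xmlns="{PKG}"><Relationship Id="rId2" '
            f'Target="PLACEHOLDER-COMMAND" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for f in find_hover_actions(build_sample()):
        print("FLAG" if is_program_launch(f) else "info", *f)
```

Any hit from `is_program_launch` on an e-mailed attachment is worth quarantining, since ordinary presentations rarely bind a hover action to a program.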