From the Article:
“When the user opens the document, he or she will be presented with text saying, “Loading…Please wait,” which is displayed as a blue hyperlink. When the user mouses over the text (which is the most common way users would check a hyperlink) it results in Powerpoint executing PowerShell. When that PowerShell is executed it reaches out to a malicious domain, downloading various executables and eventually establishing remote desktop protocol (RDP) for remote access to the system.”
“In this campaign, the PowerPoint file is attached to spam emails with titles like “Purchase Order #130527” and “Confirmation”.”
