MX Lab, http://www.mxlab.eu, has started intercepting a new email malware distribution campaign with the subject “Gompels Healthcare Ltd Invoice”.
This email is sent from the spoofed address “Gompels Healthcare ltd <firstname.lastname@example.org>” and has the following body:
Please see attached pdf file for your invoice
Thank you for your business
The attached file fax00375039.DOC is a Word file with a malicious macro.
The malware is detected as HEUR.VBA.Trojan.d or virus.macos.gen.33 by 2 of the 53 AV engines at VirusTotal.
Malware will be downloaded by the malicious macro from the following locations:
The malware is detected as UDS:DangerousObject.Multi.Generic by 1 of the 54 AV engines at VirusTotal.
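A mail-triage check for the traits described above, as an added example that is not MX Lab's code: it flags the campaign subject, a body that promises a PDF while the attachment is something else, and an attachment that is an OLE2 (legacy Word) file carrying a VBA project stream name. The function names, the recipient address and the sample attachment bytes are constructed for illustration, and the `_VBA_PROJECT` byte search is a crude heuristic, not a full macro parser.

```python
import email
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # header of legacy .doc/.xls files
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # OLE directory names are UTF-16LE
SUBJECT = "gompels healthcare ltd invoice"

def triage(raw: bytes) -> list:
    """Return the campaign traits present in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT in str(msg["Subject"] or "").lower():
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # The body promises a PDF, but the attachment is something else.
        if "pdf" in text and not name.endswith(".pdf"):
            hits.append("pdf-claim-mismatch")
        # Trust the magic bytes, not the file extension.
        if data.startswith(OLE2_MAGIC):
            hits.append("ole2-attachment")
            # Crude heuristic: a VBA project stream name appears in the file.
            if VBA_STREAM in data:
                hits.append("vba-project")
    return hits

def build_sample() -> bytes:
    """Constructed message mirroring the description; the attachment is fake bytes."""
    m = EmailMessage()
    m["From"] = "Gompels Healthcare ltd <firstname.lastname@example.org>"
    m["To"] = "recipient@example.org"  # constructed recipient
    m["Subject"] = "Gompels Healthcare Ltd Invoice"
    m.set_content("Please see attached pdf file for your invoice\n"
                  "Thank you for your business\n")
    fake_doc = OLE2_MAGIC + b"\x00" * 64 + VBA_STREAM  # not a real document
    m.add_attachment(fake_doc, maintype="application", subtype="msword",
                     filename="fax00375039.DOC")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The three attachment checks are independent of the subject line, so they still fire if the campaign changes its subject but keeps the same lure and file type.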