New Word malware in email with subject “scan”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “scan”.

This email is send from the spoofed addresses and has the following very short body:

Sent from my Samsung device

The attached file scan.docm is a Word file with malicious macro embedded.

The malware is detected by 9/57 AV engines at Virus Total. Malwr analysis shows that the macro will download a malicious file from the location hxxp://tixit.co.il/89yg7bnmmoi. At the moment of writing the host was temporary not accessible.