Cybersecurity company Anomali analyzed six documents with malicious code placed inside Microsoft Word documents. Researchers believe the adversary behind the campaign may be the FIN7 cybercrime group that specializes in stealing payment card data. The code is obfuscated to hinder analysis but there are ways to clean it of the surplus and leave only the relevant strings. Researchers found that the included VBScript relies on some values encoded inside a hidden table in the document to perform language checks on the infected computer. It is unclear how the malicious files were delivered but phishing email is typically how it happens.”]