Researchers have detected a new modular downloader in large campaigns primarily hitting financial institutions. Researchers say the modular nature of Marap lets actors add new capabilities or download additional modules after a system is already infected. This malware is part of a growing trend of small, versatile malware which gives attackers more flexibility to launch attacks and detect systems that could lead to more damaging compromise. Researchers have so far seen it download a system fingerprinting module that performs reconnaissance, they write in a blog post. The emails contained Microsoft Excel Web Query files, password-protected ZIP files, PDFs with embedded Query files and Word documents containing macros.”]
Source: https://www.darkreading.com/attacks-breaches/marap-malware-appears-targeting-financial-sector