A new Emotet Trojan variant has been observed in the wild with the added ability to hide from anti-malware software by embedding malicious macros used to drop the main payload inside XML files disguised as Word documents. Menlo Security observed two variants of the malware distributed by the mid-January campaign. The Trojan is known to be very active, showing up in new malware campaigns almost every month, from October when it was updated to steal victims’ emails going back six months and November when it moved its Command & Control infrastructure to the US.
Source: https://www.bleepingcomputer.com/news/security/emotet-uses-camouflaged-malicious-macros-to-avoid-antivirus-detection/