Researchers from Cofense have discovered a new malspam campaign that uses fake eFax messages with malicious Microsoft Word attachments to drop a cocktail of a banking Trojan and a RAT. The Dridex banking Trojan is used to collect credentials from web browsers and exfiltrate them to the attackers' servers. The RMS RAT is a legitimate remote control toolkit, which allows the attackers to go undetected while they carry out their nefarious tasks. Some of the scripts used for the same websites are tagged as ‘Zeus’ injects, Zeus being another banking Trojan used for information stealing.
Source: https://www.bleepingcomputer.com/news/security/dridex-banking-trojan-rms-rat-dropped-via-fake-efax-messages/

