A group of hackers is using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap that was seen recently adopted by TrickBot for delivery. The threat actor delivered the malicious documents via phishing emails disguised as notifications of a missing payment. The malicious code for Ostap downloader is present in the document in font that has the same color as the background, making it invisible to the human eye. The attackers did not populate the “server”” field in the MsRDPClient10NotSafeForScripting class
Source: