The KeyBoy attacker group is using publicly available exploit code for two Microsoft security flaws to infect vulnerable machines with malware. The group sent a phishing email to Indias ambassador to Ethiopia from an email address at nic.in. The email arrived with an attachment that executed a script containing the public exploit code. The script downloaded malware known as TSSL that came with the FakeRun loader and the TClient backdoor, which allowed the attacker group to download additional threats and maintain a presence on an infected system.”]