Attackers are targeting potential victims using a malicious AutoHotkey script to avoid detection and to steal information, to drop more payloads, and to remotely access compromised machines using TeamViewer. Attackers deliver a decoy Excel Macro-Enabled Workbook email attachment named Military Financing.xlsm to trick potential targets into enabling macros to view the file’s contents. The malicious script will be executed and will automatically connect to its command-and-control server downloading more scripts on to the compromised machine.
Source: https://www.bleepingcomputer.com/news/security/malicious-autohotkey-scripts-used-to-steal-info-remotely-access-systems/