Palo Alto Networks’ Unit 42 division spotted a spam campaign attempting to deliver a malicious Microsoft Word document that uses the disguise of a NortonLifeLock-protected file. If a recipient opens the document via Microsoft Office Outlook, a prompt appears that asks users to enable content to open the document clicking yes executes macros. Once the user clicks Enable Content, the macro is executed and the user is presented with a password box. Malicious use of the NetSupport Manager remote access tool is being used to maliciously infect victims and allow remote code-execution.
Source: https://threatpost.com/netsupport-manager-rat-nortonlifelock-docs/153387/