A new finance spam campaign with HTML attachments has been discovered that utilizes Google’s public DNS resolver to retrieve JavaScript commands embedded in a domain’s TXT record. These commands will then redirect a user’s browser to a aggressive trading advertisement site, which has been reported as a scam. The campaign is being targeted at people in the United Kingdom and the associated IP addresses have previously been utilized by the Necurs botnet. In most cases, they will either be either malicious documents or malicious documents that will infect you with malware or viruses.
Source: https://www.bleepingcomputer.com/news/security/new-spam-campaign-controlled-by-attackers-via-dns-txt-records/