An array of phishing emails harboring Word attachments with embedded macros have been infecting systems with a deadly malware and ransomware duo. The campaign appears to have begun targeting victims on Dec. 17, researchers at Carbon Black said. The attack harvests credentials, gathers system and process information, and then encrypts data in order to extort payments from victims. No additional data is available on the number of victims in the campaign, Carbon Black researchers said. Researchers said they have located roughly 180 Word document variants in the wild.
Source: https://threatpost.com/phishing-gandcrab-ursnif/141182/