Experts at Trustwave have discovered a spam campaign composed of several hundred messages trying to serve Dridex trojan though XML documents. The malicious emails contain an XML files that pretend to be a legitimate remittance advice, or payment notifications. The previous campaign targeted UK banks with spam campaign, also in that case based on malicious attachments including malicious macros. The experts speculate that they are simply searching for a new attack vector that could be effective for their malicious campaigns. The attack doesnt seem to be all that sophisticated.”]
Source: https://securityaffairs.co/wordpress/34608/cyber-crime/dridex-trojan-via-macros-xml.html