Security researchers discovered an attack campaign targeting Japanese users with a new variant of Ursnif banking malware. The campaign begins with a phishing email that attempts to trick unsuspecting Japanese users into enabling a weaponized Microsoft Office documents embedded macros. This results in the execution of several PowerShell commands that, in turn, download an image file. The image uses steganography to hide Bebloh, malware that pulls the malware down from the attackers command-and-control (C&C) server.”]
Source: https://securityintelligence.com/news/threat-actor-targets-japanese-users-with-new-ursnif-variant/