TrickBot banking trojan has added a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. At least two dozen documents have come to light in the last few weeks that use ActiveX to trigger malicious macros. The malicious OSTAP JavaScript downloader is hidden in white-colored letters in between the content, so it s not visible to people, but can be seen by machines. TrickBot was developed in 2016 as a banking malware to succeed the Dyre banking malware, but since then, it has developed into an all-purpose, module-based solution targeted specifically to corporations.
Source: https://threatpost.com/trickbot-activex-control-dropper/153370/