Experts have discovered a new wave of phishing campaigns spreading SVCReady malware. "The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a report.

The campaign involves sending a Microsoft Word document via emails that contains VBA macros to deploy malicious payloads. The peculiarity of this campaign is that instead of employing PowerShell or MSHTA, the macro runs shellcode stored in the document properties. The shellcode subsequently drops the SVCReady malware.

Malicious software can do the following:

• gather system information;
• capture screenshots;
• run shell commands;
• download arbitrary files;
• deliver RedLine Stealer password stealing software.

Source: securitylab.ru