Crooks hijack “Black Lives Matter” to spread zombie malware
2020-06-11 18:58

Sneakily, the crooks have broadened the reach of their attack by keeping their emails short and objective: they very deliberately haven't taken a social or political position, but have instead invited recipients to comment anonymously on the issue.

As you can see, the yellow popup tries to discourage you from doing what the crooks say, warning you that macros are disabled for security reasons.

The malicious document is what's known as a downloader that, when we allowed it to run, fetched and installed a well-known strain of zombie malware called Trickbot.

The problem with document-based downloaders is that the question "What do they fetch?" cannot reliably be answered in advance, because the file that's served up for download can be changed by the crooks at will.

The multi-step approach used by malware like this means the crooks need to get away with less at each stage - the DOC file itself doesn't need the full and final malware built right in.


News URL

https://nakedsecurity.sophos.com/2020/06/11/crooks-hijack-black-lives-matter-to-spread-zombie-malware/