VERY IMPORTANT

Recently, Trustwave researchers observed a malware spam campaign leveraging the current COVID-19 situation. The emails were sent from a compromised mailbox using a mailer script. The message contains a link leading to a Word document. The email takes advantage of a COVID-19 test mandate as a pretext to lure the unsuspecting user into clicking the link and downloading the document. The initial downloaded Word document has no malicious code. But once the victim opens the Word document, it will try to retrieve a malicious macro-enabled template from a remote server. The technique is known as Remote Template Injection and is commonly used to evade static detection.