The attack begins with a carefully crafted email with an Excel file attached. Experts noted that the messages are customized for each target, which suggests that the attackers are not interested in hitting random people or organizations.

Once opened, the Excel file asks the victim to click the "Enable content" button. If the user complies, the malicious spreadsheet runs its built-in macros, which in turn open a hidden PowerShell window and load the script.

The malware then downloads an innocent-looking PNG file from an image-sharing website such as Imgur or ImgBox. There is nothing in the image that would arouse suspicion, and since it is downloaded from a completely legitimate resource, it is unlikely to trigger any security warnings.
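
Because the image download alone looks benign, defenders get more signal from correlating it with what precedes it: Excel spawning PowerShell, optionally with a hidden window. The sketch below is an added example, not from the original article. The event records are constructed and only loosely modelled on Sysmon process-creation and DNS-query events, and the field names and domain list are assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

OFFICE_PARENTS = {"excel.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
IMAGE_HOSTS = ("imgur.com", "imgbox.com")  # assumed domains for the sites named above
HIDDEN_WINDOW = re.compile(r"-w\w*\s+hidden", re.I)  # heuristic for -WindowStyle Hidden

# Constructed sample telemetry (hypothetical hosts, PIDs and command lines).
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"type": "proc", "host": "ws-07", "pid": 4120, "image": PS, "parent": EXCEL,
     "cmd": "powershell.exe -WindowStyle Hidden -File report.ps1"},
    {"type": "dns", "host": "ws-07", "pid": 4120, "query": "example.org"},
    {"type": "dns", "host": "ws-07", "pid": 4120, "query": "i.imgur.com"},
    {"type": "proc", "host": "ws-12", "pid": 988, "image": PS,
     "parent": r"C:\Windows\explorer.exe", "cmd": "powershell.exe"},
    {"type": "dns", "host": "ws-12", "pid": 988, "query": "imgur.com"},
]

def is_image_host(name):
    """Match the registered domain or any subdomain, not mere substrings."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IMAGE_HOSTS)

def find_chains(events):
    """Flag image-host lookups made by a PowerShell process that Excel started."""
    suspects, alerts = {}, []
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "proc":
            if (basename(ev["image"]).lower() in SHELLS
                    and basename(ev["parent"]).lower() in OFFICE_PARENTS):
                suspects[key] = ev
            else:
                suspects.pop(key, None)  # PID reused by an unrelated process
        elif ev["type"] == "dns" and key in suspects and is_image_host(ev["query"]):
            alerts.append({"host": ev["host"], "pid": ev["pid"], "query": ev["query"],
                           "hidden_window": bool(HIDDEN_WINDOW.search(suspects[key]["cmd"]))})
    return alerts

if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print(alert)
```

Only the Excel-spawned PowerShell on ws-07 is flagged; the interactive PowerShell session on ws-12 that resolves the same image host is not.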