This file contains a Word file which when opened will also use an automatic macro, but this time instead of recovering the data the entire Word files in the user’s directory will be overwritten and replaced with new ones versions. A connection to a server will also be established to download other files including an executable (.exe) which contains the Dridex malware. The latter will then be included in each Word file present on the machine.
The .exe file cannot be read by macOS, so file recovery from an Apple computer is not possible. The objective here is to infect as many Windows machines as possible, via Word document sharing, which happens daily in business. The user will not know that the document he is sharing is infected, his correspondents will open it in complete confidence and that’s it.
By replacing all of the Word documents present on the computer with infected copies, it is also very difficult to find the cause of the problem and to eradicate it.
It is therefore imperative to remain on your guard when you receive a suspicious attachment by email, especially if it does not come from a trusted contact, and to think twice before opening it.