The malware campaign uses well-crafted Microsoft word document that exploits patched vulnerability in Microsoft office to drop a new malware referred as 'KeyBoy', according to Rapid7.
The first document found by the researchers targeting users from Vietnam is written in Vietnamese and is about reviewing and discussing best practices for teaching scientific topics.
The second document found by the researchers is written in English with title "All INDIA Bharat Sanchar Nigam Limited Executives' Association". The title suggests the document is designed to target Indians. The report says the document pretends to be authored by someone called Amir Kumar Gupta.
Once the crafted-documents opened, it attempts to exploit known remote code execution vulnerabilities in Microsoft office. If successful, the documents installs a backdoor malware dubbed as 'KeyBoy'.
After analyzing the malware, researchers identified a code that is designed to steal the login credentials stored in the Firefox and Internet explorer browsers.