Capitalizing on the popularity of space topics, hackers send enthusiastic users the document “Geos-Rates.docx”, which contains a photo of a cluster of galaxies. When opened, the buyer is amazed by what he sees and does not realize that a malicious file has been uploaded to the system – it is Base64 encrypted and turns into a 64-bit executable.
When installed, a hidden VBS macro is loaded into the system. All this leads to a successful phishing attack designed to steal user data in the long run.
Source: Ferra