Researchers observed that some instances of the W97M/Downloader malware are now being served in compromised websites by a custom PHP dropper.
The big picture
“W97M/Downloader is a specially-crafted Microsoft Word document that, when opened, silently executes a malicious macro that connects to multiple remote servers to download and display additional components,” researchers described.
This malware campaign has primarily targeted the United States, Germany, India, and the United Kingdom.
How to stay protected?