The attacks involve the use of weaponized documents with malicious macros that create a reverse shell, allowing the attackers to gain control over the compromised systems.
Microsoft’s block on Visual Basic for Applications (VBA) macros has led attackers to experiment with different file types, with XLL files now being used as a means to distribute malware.