#malicious documents

A new Orcinius Trojan has been discovered, employing VBA Stomping to hide its infection. The multi-stage trojan uses Dropbox and Google Docs to stay updated and deliver second-stage payloads.  Typically, VBA stomping removes the VBA source code in a Microsoft Office document, leaving only a compiled form of the macro code known as p-code in the document file.   “The malware contains an obfuscated…