From asec.ahnlab.com
AhnLab SEcurity intelligence Center (ASEC) recently discovered that phishing files are being distributed via emails. The phishing files (HTML) attached to the emails prompt users to directly paste (CTRL+V) and run the commands.The threat actor sent emails about fee processing, operation instruction reviews, etc. to prompt recipients to open the attachments. When a user opens the HTML file, a background and a message disguised as MS Word appear. The message tells the user to click the “How to fix” button to view the Word document offline.