A variant of the Dridex banking malware has been attempted to be delivered using payloads placed on Slack and Discord CDNs in several recent phishing attempts.
Maldocs are attached to emails in these campaigns, which typically use an invoicebased or taxthemed social engineering bait. The sheet macro is run if the user selects contented.