On 10 April, the cybersecurity company Proofpoint discovered an email campaign targeting the bug that aimed to distribute Dridex malware. Dridex is designed to infect a victim’s computer and snoop on banking logins.

In 2015, cyber-attackers stole more than GBP 20 mln from British bank accounts using this malware. The flaw discovered in many versions of Microsoft Word for Windows could allow malicious software, including Dridex, to be installed, according to cybersecurity researchers.

Microsoft did not confirm whether Mac versions of Word were also affected. Also, customers were encouraged to practise safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources.

Proofpoint also urged Microsoft Word users to install the security updates quickly.