The xlsb attachment downloads a powershell which recover a zip document. Inside, there is the malware (aka Java RAT or jRAT).
A University of Michigan-Tokyo’s University of Electro-Communications joint research: Voice Assistants can be hacked, thanks of a vulnerability – dubbed “Light Commands” – in the devices’ microphone
Voice Assistants can be hacked thanks to laser. It has been unveiled by University of Michigan and Tokyo’s University of Electro-Communications cyber security experts in a joint research. They were able to use victim’s systems as Siri, Alexa or Google Assistant to unlock doors, do shopping on e-commerce websites at target’s expense, and locating, unlocking and starting a vehicle connected to the target’s account. This up to 110 metres and through glass. The vulnerability, dubbed “Light Commands”, lies in the devices’ microphone, where just five milliwatts of laser power (the equivalent of a laser pointer) was enough to move a smart speakers’ microphone’s diaphragm in the same way it would when hit with sound, such as a voice command. The movement generates electrical signals representing the command which the voice assistant can act on. Moreover, the same effect could be achieved in phones and tablets with about 60 milliwatts of power.