SonicWall Capture Labs threat research team detailed an infection chain that employs booby-trapped Excel spreadsheets as a starting point to drop a trojan known as Orcinius.
https://blog.sonicwall.com/en-us/2024/06/new-orcinius-trojan-uses-vba-stomping-to-mask-infection/
"This is a multi-stage trojan that is using Dropbox and Google Docs to download second-stage payloads and stay updated," the company said.