Most of the macro nasties of late have been trying to download the Dridex banking trojan; however,
over the last couple of days it appears these payloads have switched over to the Shifu banking trojan.
"The Trojan is designed to steal a wide range of banking related
information such as usernames and passwords to financial accounts,
credentials that users key into HTTP forms, private certificates, and
even external authentication tokens used by some banks, researchers say...
...Shifu also is capable of stealing data from smartcards if it
discovers a smartcard reader attached to the compromised endpoint. The
malware can search for and steal from cryptocurrency wallets on infected
systems and can detect if it has landed on a point-of-sale system, in
which case it proceeds to steal payment card data as well."
An additional key point is that Shifu also wipes the local System Restore point on infected machines :(