A campaign of spam emails that use Microsoft Publisher attachments to infect companies with a Windows backdoor was disclosed by researchers Tuesday. According to a post on Bitdefender's HOTforSecurity blog, the emails impersonate employees at companies in China, the U.K., and other countries and contain attachments with fake customer orders and invoices.

The emails target small and midsized businesses that run Windows machines and number in the range of “a couple of thousand” malicious attachments, wrote Alexandra Gheorghe, a security specialist at the Romanian antivirus firm.

The file uses a Visual Basic script to embed a URL acting as a remote host. “Once the file is decrypted and installed, attackers have backdoor access and can control resources on the compromised computer,” Gheorghe wrote. The malware functions as a keylogger, records keystrokes, and gains password and login credentials from browsers or emails.