Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection. A stealthy new attack distributes Loki malware in Microsoft Excel spreadsheets and other Office applications. This attack exploit CVE-2017-0199, a Microsoft Office/WordPad RCE security vulnerability with Windows API, which was patched in April 2017 and updated in September. The flaw exists in the way that Office and WordPad parse specially crafted files. Exploitation requires a victim to open or preview a malicious file.