Fortiguard Labs has discovered a Word file with a previously unknown macro viruses that can infect both Mac OS and Windows. Injury program begins as a Visual Basic for Applications scripting (VBA macro) that try to run automatically.
If the macros are disabled or file appears in the browser can be seen just a picture and text that tries to trick the victim to open the file in Word on the PC and activate macros (by declaring it a "protected document" that can only be opened so) .
Once the macro is run decodes a base64-encoded Python script that is in the Word file's metadata comment. The script determines if it is running on Mac OS or Windows, and go with different methods for each system. In both cases, try the malware download new instructions from a server that is not currently active, but it is still there and run in the background so the person who opened the file could suffer later.