Trojan Powmet are arriving as attachments to invoice and efax-related emails. In spoofed invoice mails, .xls attachments were used while spoofed efax email used .doc attachments.
Upon investigation, the attachments from these spam mails are detected as 'W2KM_POWLOAD.AUJTC'.
Attackers use urgency and the victim's lack of knowledge to trick them into opening attachments. Users are advised to carefully check the email they recieve and be cautious when opening attachments from emails.