The document discusses the Loki malware, which steals credentials by exploiting Microsoft Word macros. It begins by describing how a phishing attack could start with an email carrying a malicious Word file as an attachment. The macro would download and run Loki, which is able to bypass antivirus detection. Loki then unpacks itself further to load additional functionality for stealing credentials stored in browsers such as Firefox and decrypting them with stolen encryption keys. It also installs a keylogger to steal passwords. The stolen credentials are sent to the Loki command and control server, where the attackers can access them. To help prevent credential theft by malware like Loki, the document recommends verifying email authenticity, not storing credentials, and not logging in as an administrator.