The Google Docs online word processor is being used by attackers to disseminate TrickBot banking Trojan payloads to unsuspecting victims via executables camouflaged as PDF documents. […]

from https://www.bleepingcomputer.com/news/security/trickbot-bypasses-secure-email-gateway-using-google-docs-phishing/