Virus causes Ukrainian users to upload confidential documents to VirusTotal

A rare multi-module virus called OfflRouter has been infecting Word documents in Ukraine since 2015. The virus consists of a VBA macro and a .NET executable module that infects documents using Office Interop classes. It causes potentially confidential documents from Ukrainian organizations to be uploaded to public repositories. The virus is likely the work of an inexperienced but inventive developer and has remained confined to Ukraine due to design choices and coding mistakes.