Researchers at Cisco Talos report that the Pony malware has started using an unusual distribution campaign. The notorious credential harvester has been hiding behind Microsoft Publisher documents. This file type is not a usual host for malware. This is not an isolated case, as .pub files have been used to transfer infections before.
Article Link: http://virusguides.com/pony-credential-stealer-masquerades-microsoft-publisher-documents/