An invoice.docm runs a PowerShell script that downloads a spy wccom payload from a Discord CDN or Pastebin URL.
Open Task Scheduler (taskschd.msc). Browse through the task library. Delete any task named WacomUpdate, TabletMonitor, or with triggers every few minutes that execute wccom.exe.
Assumes SPY at $450, using weekly expirations:
| Leg | Action | Strike | Premium | |-----|--------|--------|---------| | 1 | Sell Call | $455 (lower short) | +$1.00 | | 2 | Buy Call | $460 (lower long) | -$0.50 | | 3 | Sell Call | $465 (upper short) | +$0.80 | | 4 | Buy Call | $470 (upper long) | -$0.30 | spy wccom
Net Credit: $1.00 – $0.50 + $0.80 – $0.30 = $1.00
Max Risk: ($5 width between short strikes) – $1.00 credit = $4.00
Breakevens: $456 and $464
Max Profit Zone: $460 – $465
This is a common privacy fear. The official Wacom driver (wccom) is not spyware—but Wacom does collect some telemetry. According to Wacom’s privacy policy, they may gather:
However, they do not record your screen, log your keystrokes, or send personal documents. If you want to disable Wacom telemetry: An invoice
Cybercriminals love to disguise their remote access trojans (RATs) and keyloggers with legitimate-sounding names. A fake wccom.exe might be:
When security researchers talk about a spy wccom threat, they are referring to malware that either:
| Metric | Value | |--------|-------| | Win rate | ~78% | | Avg credit | $0.95 | | Avg loss | $3.20 | | Profit factor | 1.85 | | Max drawdown (weekly) | 12% of capital | | Theta decay | Positive – accelerates 48–24 hrs to expiry | However, they do not record your screen, log
Note: Results assume 1-lot, no slippage, closed at 3:00 PM ET on expiration Friday.
Understanding the attack vector helps you prevent future infections. Most "spy wccom" cases originate from: