The runtime environment of this script does not matter how variable names are. The variable name would be fine, although it was a random combination of letters and numbers, 'said researcher Victor Cornell at PhishMe. 'The people behind this malicious code choose their own themes for their variables, thus revealing their interests'.
According to an independent researcher at MalwareHunter, this scenario has been exploited for several weeks. Below is IOC information.
File name: SCNMSG00001018.vbs
MD5: 170ae05fb405e9f2b2a4474739b75a66
SHA256: fc89d30e245a8b166af2e17b2d7b6835ff15999d746b91214edcfdc7b9c5db35