As Microsoft blocks Office macros, hackers find new attack vectors

Gandalf_The_Grey

Level 71
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,933
Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments.

VBA and XL4 Macros are small programs created to automate repetitive tasks in Microsoft Office applications, which threat actors abuse for loading, dropping, or installing malware via malicious Microsoft Office document attachments sent in phishing emails.

The reason for the switch is Microsoft announcing that they would end the massive abuse of the Office subsystem by automatically blocking macros by default and making it harder to activate them.

Although it took Microsoft a little longer to implement this Microsoft Office change, the block finally entered into effect last week.

However, the initial announcement alone convinced malware operators to move away from macros and begin experimenting with alternative methods to infect victims.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top