Criminals use many and varied methods to distribute malware. One such method that has become increasingly common in recent years is to use malicious macros.
So, what Is a ‘Macro’ Anyway?
A macro is a set of commands and instructions that can be grouped as a single command in order to quickly and automatically accomplish a task.
Microsoft Office macros are made using the computer programming language Visual Basic for Applications (VBA). You can think of them as tiny computer programs that can be built to complete particular tasks.
Macros can be very helpful in some workflows and can be quite complex. But, complex macros can be created to perform evil deeds as well as good.
In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant because later versions of Microsoft Office disabled macros by default.
Alas, many users may have either forgotten about or have no knowledge of macro risks.
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?
How do Criminals Use Macros to Distribute Malware?
Typically, malicious macros are distributed via emails that include seemingly harmless Microsoft Word or other types of Microsoft Office documents. The scam emails often masquerade as invoices, fax notifications, job applications, or various other common business messages.
When you attempt to open the attached document, you will be prompted to enable macros to view it. The prompt may claim that the document is protected for security reasons and you must turn macros on to access it. But, if you comply with the prompt, a malicious macro may then download and install malware on your computer.
Once installed, the malware may harvest information from your computer and send it to criminals. Or, it might lock up all of your computer’s files and then demand that you pay a ransom to unlock them.
You Will Never Need to Enable Macros to View Ordinary Documents
Do not believe any message that claims that you must enable macros in order to view a simple document such as an invoice or job application. There is no valid reason why macros would need to be enabled to read such standard documents.
While macros can certainly be useful in some workflows, it is best to leave them disabled if you do not use them and are unfamiliar with their potential security risks.
This report is a brief overview of a quite complex topic. If you would like to read more in-depth information about macro malware threats, the following resources should help:
- Sophos: Macro Viruses: What They Are, and How to Avoid Them
- Macro-enabled documents for downloading Malware
- Digital Guardian: WHAT IS MACRO MALWARE?
Since you’ve read this far……can I ask you for a big favour?
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.