They are called malware macros and are malicious programs hidden in the macros of Word documents or Excel spreadsheets that, when enabled, execute scripts that can inject malicious code into target systems or perform arbitrary operations. Here’s how to defend yourself
The terms macro malware or macro virus refers to a type of malicious software that uses VBA (Visual Basic for Applications) programming in Microsoft Office macros to distribute viruses, worms, and other forms of system infections. The phenomenon of macro malware is growing all over the world.
What is Macro Malware
Office macros, we remind you, are codes or procedures that execute instructions in bulk, execute commands that allow you to speed up the most frequently used operations, such as editing and formatting a text and more complex operations.
However, these macro-functions can also be used to create malicious software that can compromise the operating system in various ways when executed through Excel spreadsheets and Word documents.
Although initially, a macro was nothing more than a tool that allowed you to record specific sequences of actions to have them always available for execution within the program in use and did not include any programming language.
Over time, macros have acquired VBA scripts’ functional characteristics, achieving greater efficiency and implementation complexity (for example, in an Excel spreadsheet the execution of mathematical and logical functions are essentially macros).
Macro Malware: How They Work
Once the attachment is opened in all these cases if the automatic request to enable macro commands is followed to display the content correctly, scripts will be executed to inject malicious code into systems and perform other arbitrarily.
With inappropriate use of this legitimate tool, infections can distribute malware of various kinds to collect sensitive data, impersonate the victim’s identity, empty bank accounts or as a bridgehead to inject ransomware or other forms of malicious code.
The infamous Emotet, Trickbot and Ursnif, to name a few, causing severe privacy and security problems with data loss and permanent damage to the affected systems.
Countermeasures and precautions against Macro Malware
To protect yourself from macro malware, it is therefore advisable, when opening a file with the extension .doc, .docx, .xls, .xlsx containing macro functions, never to confirm the requests to deactivate the protection, regardless of whether you know the source, but instead view the file in read-only mode.
Assuming that if a file’s Macro is not executed, the malware will not be able to infect the device, it follows that the biggest challenge in preventing macro virus infections is to identify the vectors of the virus early and correctly. Central propagation or phishing/email spam emails also sent via certified email (PEC).
Therefore, a series of practical measures to be combined with the defence measures usually used as antispam and antivirus tools are useful for this purpose.
While a spam filter can only allow you to reduce the number of suspicious emails that reach your inbox, lowering the probability of a possible infection and an antivirus, provided it is updated, can only warn and not always correct an infection caused by opening a malicious link or downloading a suspicious file.
The best way to further minimize such a potential threat would be to:
- Be wary of emails from even known senders and containing invoices or requests for confidential information. Through spoofing techniques it is possible to falsify not only email addresses but also social network accounts and instant messaging applications;
- pay attention to the attached documents that offer previews with texts and images that increase the curiosity in wanting to know the content of the document itself;
- Check-in MS Word / Excel that the Disable all macros with notification setting is always the default. In case of need (even if the steps may slightly differ according to the version of the MS Office package in use), it is possible from the File menu to choose Options and, following the path Security Center / Macro Settings, to opt according to the level of security considered most adapted to your needs.
