What Is Macro Malware?
Macro malware is making a comeback. Learn how to identify potential threats and how to protect yourself against macro malware attacks in Data Protection 101, our series on the fundamentals of information security.
A Definition of Macro Malware
Macro malware (sometimes known as macro viruses) takes advantage of the VBA (Visual Basic for Applications) programming in Microsoft Office macros to spread viruses, worms, and other forms of malware. Macro viruses were relatively common during the 1990s but experienced a lull after the everyday user learned how to combat these threats. With the emergence of more sophisticated social engineering tactics and the steady popularity of macro programs among businesses, the return of macro malware was inevitable. Today, this malware can pose a real threat to personal and enterprise data security, a huge modern-day issue.
How Macro Malware Works
Macro malware is typically transmitted through phishing emails that contain malicious attachments. The email text may ask the recipient to open the attachment and run the macros it contains in order to view sensitive information. When the macros run, malware coded into the VBA will begin to infect all files that are opened using Microsoft Office. The malware may be constructed to relay the data in a file back to the hackers if it is worth their time, or it may render it useless.
How to Identify Macro Malware Scams
Thankfully, macro malware is not as hard to avoid as spear-phishing or ransomware. If the macros in a Microsoft Office file are not run, then the malware will not be able to infect the device. The biggest challenge in preventing macro malware infections lies in properly identifying phishing emails. Be wary of, and do not trust:
- Emails from unknown senders
- Emails containing invoices or 'confidential information' for unknown purchases
- Documents that offer a 'preview' or 'blur projection' before enabling macros
- Documents whose macro processes look suspicious
Managing Macro Malware Attacks
The best way to eliminate the threat of macro malware is to reduce the amount of interaction between malware and a device. It is not necessary to buy software specifically for the purpose of blocking macro malware attackers. Instead, there are a number of methods that take advantage of software already present on most devices. Use a combination of the following techniques to strengthen your defenses against macro malware attacks:
- Use a spam/junk filter: The fewer phishing emails that reach your inbox, the lower the chance that malware will reach your data.
- Use a strong antivirus program: Antivirus software can send a warning when you attempt to open a harmful link or download a suspicious file.
- Avoid opening any attachments from unknown senders: If you do not know the sender of an email, do not open any attachments, even if the email references personal information or claims to have an unpaid invoice.
- Avoid opening any attachments in suspicious emails from people you know: Reversing the code of the malicious file can decode encrypted data that was stored by the sample, determine the logic of the file’s domain, and see other capabilities of the file that did not show up during the behavioral analysis. In order to manually reverse the code, malware analysis tools such as a debugger and disassembler are needed. The skills needed to complete manual code reversing are very important, but also difficult to find.
- Check what processes a macro controls before running it: If the macro command appears to run malicious actions, do not enable macros.
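Before deciding whether to enable macros, it helps to know whether a file carries any macro code at all. The following Python sketch is an added example, not part of the original article: it checks an Office file for a VBA project without opening it in Office, and only detects that macros are present, not what they do. The function names and sample files are constructed for illustration, and the legacy-format check is a byte-search heuristic.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc/.xls/.ppt container
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # OLE stream names are UTF-16LE


def inspect_office_file(name, data):
    """Report whether an Office file carries a VBA project, without opening it in Office."""
    report = {"name": name, "container": "unknown", "has_vba": False, "vba_parts": []}
    if data.startswith(OLE_MAGIC):
        report["container"] = "ole2"
        # Heuristic: a VBA project shows up as a _VBA_PROJECT directory entry.
        report["has_vba"] = OLE_VBA_MARKER in data
    elif data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            report["container"] = "corrupt-zip"
            return report
        report["container"] = "ooxml"
        # Macro-enabled OOXML files keep their VBA in <app>/vbaProject.bin.
        report["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        report["has_vba"] = bool(report["vba_parts"])
    return report


def make_sample_ooxml(part_names):
    """Build a constructed, content-free OOXML-style zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in part_names:
            zf.writestr(part, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    base = ["[Content_Types].xml", "word/document.xml"]
    samples = {  # constructed samples, not real documents
        "report.docx": make_sample_ooxml(base),
        "invoice.docm": make_sample_ooxml(base + ["word/vbaProject.bin"]),
        "legacy.doc": OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER,
    }
    for fname, blob in samples.items():
        r = inspect_office_file(fname, blob)
        verdict = "contains macros: keep them disabled" if r["has_vba"] else "no VBA project found"
        print(f"{fname:14} {r['container']:6} {verdict}")
```

A file flagged here is not necessarily malicious, since many legitimate business documents use macros; the result only tells you that enabling macros would run code.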
Although many people are familiar with macro malware, they may not know how to identify it. Educate your fellow employees about how to recognize possible threats before they have the opportunity to become a victim. An increased level of awareness will help to reduce the number of macro malware attacks. And if you see a phishy email, do not open it!