Hackers implanting macro-enabled docs in container files to bypass Microsoft protections
On Friday, attackers are implanting macro-enabled Office documents in container files such as archives and disk images to avoid a recently rolled-out macro-blocking feature in Microsoft Office.
Announced in February, the macro-blocking feature is meant to prevent phishing attacks by making it more difficult for users to enable macros in documents received from the internet.
Macros, small snippets of code embedded in Office documents, have long been misused by hackers in phishing attacks and for malware delivery.
In 2016, Microsoft disabled the automatic execution of macros in Office documents received from the internet, but still let users enable them with a single click.
Adversaries have been using various social engineering techniques to trick users into enabling macros, and in February Microsoft announced its latest mechanism, which blocks macros by default in documents received from the internet.
A red notification at the top of the page warns users that macros have been blocked and, if clicked, takes them to a web article informing them about the risks associated with malicious macros.
Currently rolling out to Access, Excel, PowerPoint, Visio, and Word on Windows, the feature essentially stamps these documents with a “Mark of the Web” (MOTW), which can be removed if the user saves the document to the local disk.
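
As an added example (not from the original article or from Microsoft), here is a defender-side check that looks inside a ZIP container for macro-capable Office files, for use at a mail or download gateway. It covers ZIP archives only, not disk images, and the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def classify_member(data):
    """Return a reason if the bytes look like a macro-capable Office file."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE document (macro-capable format)"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:  # OOXML is a ZIP package
            for name in inner.namelist():
                if name.lower().endswith("vbaproject.bin"):
                    return "OOXML document with VBA project (" + name + ")"
    except zipfile.BadZipFile:  # not a ZIP package, so not OOXML
        pass
    return None

def scan_archive(archive, max_size=50 * 1024 * 1024):
    """Map member name -> finding for one ZIP container given as bytes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted entry: content cannot be read
                findings[info.filename] = "encrypted member, not inspected"
            elif info.file_size > max_size:  # bound memory use per member
                findings[info.filename] = "too large, not inspected"
            else:
                reason = classify_member(outer.read(info))
                if reason:
                    findings[info.filename] = reason
    return findings

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

def build_sample():
    """Constructed sample: an archive holding four placeholder files."""
    docm = _zip({"word/vbaProject.bin": b"constructed placeholder"})
    docx = _zip({"word/document.xml": b"<constructed/>"})
    return _zip({"invoice.docm": docm, "notes.docx": docx,
                 "old.xls": OLE_MAGIC + b"\x00" * 16, "readme.txt": b"hi"})
```

Calling `scan_archive(build_sample())` flags `invoice.docm` and `old.xls` and leaves the macro-free `notes.docx` and `readme.txt` unreported. The check keys on file content rather than extension, so a renamed document is still classified.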