XLLing in Excel – threat actors using malicious add-ins

For decades, Microsoft Office applications have served as one of the most significant entry points for malicious code. Malicious actors have continued to utilize Visual Basic for Applications (VBA) macros, despite automatic warnings to users after opening Office documents containing code.

In addition to VBA macros, malicious actors, from cybercrime actors to state-sponsored groups, also exploited vulnerabilities in Office applications in order to launch malicious code without user intervention.

Over the years, ever since the first VBA malware was discovered at the end of the century, the cybersecurity community have been vocal in calling on Microsoft to introduce default behavior that will block execution of VBA macros if a document was downloaded or received from the internet.

Read more…
Source: Talos