A recent report from McAfee revealed that hackers are possibly targeting Canada and the US with a new macro-based malware present in Microsoft Office.
Indeed, this new tactic uses macro obfuscation, Windows tools and legacy supported XLS formats before downloading and executing malicious DLLs without any trace of malicious code in the email attachment. If a victim receives a phishing email with a Microsoft Word document attachment and opens it, a password-protected Microsoft Excel file is downloaded.
Then, the hackers have created a new function that enables macros to run when the victim clicks on the enable editing and enable content buttons. With this, a malicious file is downloaded on the server and may be threatening further systems.
It was thus advised that all users avoid opening any email attachments or clicking on links present in the mail before checking the identity of the sender first.