What are macro-enabled document attacks?
Macro attacks embed malicious code in Office documents. When victims enable macros (often prompted by **social engineering**), the code executes, downloading and installing **malware** or performing malicious actions directly.
Attack flow: an email delivers a document that claims macros must be enabled ("Enable editing to view content"); the victim enables macros; the embedded code runs; **malware** installs or data is exfiltrated.
**Microsoft** has restricted macros significantly, blocking internet-sourced macros by default. Attackers adapt by using other file types, exploiting trusted locations, or **social engineering** users into manually unblocking files. Corporate policies should block macros from external sources.
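
As an added example (not part of the original answer), this is one way a mail or file triage step could apply the "block macros from external sources" policy: it checks an Office Open XML file for a VBA project part and reads the zone from the text of its `Zone.Identifier` stream. The function names, verdict strings and sample data are assumptions made for illustration.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) Office file carries a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def zone_id(zone_identifier_text):
    """Parse ZoneId from the text of a Zone.Identifier stream; None if absent."""
    if not zone_identifier_text:
        return None
    m = re.search(r"^\s*ZoneId\s*=\s*(\d+)\s*$", zone_identifier_text, re.M)
    return int(m.group(1)) if m else None

def triage(data: bytes, zone_identifier_text=None) -> str:
    """Hypothetical policy: block macro documents marked as Internet-sourced."""
    zone = zone_id(zone_identifier_text)
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats are not zips; they need an OLE-aware parser.
        return "review: legacy OLE file, needs OLE-aware macro inspection"
    if not has_vba_project(data):
        return "allow: no VBA project found"
    if zone is not None and zone >= 3:  # 3 = Internet, 4 = Restricted sites
        return "block: macros in file from Internet/Restricted zone"
    # A macro document with no zone mark may have been unblocked by the user.
    return "review: macros present, no Internet-zone mark"

def _sample_office_zip(with_macros: bool) -> bytes:
    """Constructed sample: minimal zip laid out like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

MOTW_INTERNET = "[ZoneTransfer]\r\nZoneId=3\r\n"  # constructed sample stream text

if __name__ == "__main__":
    print(triage(_sample_office_zip(True), MOTW_INTERNET))
    print(triage(_sample_office_zip(True)))
    print(triage(_sample_office_zip(False), MOTW_INTERNET))
```

The "review" verdict for a macro document without a zone mark matters because manual unblocking removes that mark, so its absence alone does not show the file is internal.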