Researcher Details Sophisticated macOS Attack via Office Document Macros
A researcher found a way to deliver malware to macOS systems using a Microsoft Office document containing macro code.
Macros enable Office users to automate frequent tasks using VBA code.
A macro added to an Office document can be triggered when the file is opened, a feature that cybercriminals started exploiting many years ago to execute malicious code that is typically designed to deploy a piece of malware.
This is why Microsoft has disabled the execution of macros by default - users have to explicitly enable macros if they want to execute the code in a document.
Patrick Wardle, principal security researcher at Apple device management company Jamf, pointed out that these attacks were not very sophisticated and likely had a low success rate: the targeted user would have to explicitly enable macros, none of the attacks was able to escape the application sandbox even if the macro was executed, and Apple's quarantine feature and notarization checks could have blocked additional payloads.