December 11, 2023

Once Microsoft blocked Office VBA and XLM (XL4) macros, ransomware actors quickly switched tactics to adapt to the change.

Researchers say that Microsoft's move to bar attackers from abusing XL4 and VBA macros has gone a long way, with their use declining to 66% in the last 9 months.

The attackers who previously exploited Office macros are now shifting to a new attack route. They have been relying on RAR and ISO files to infect systems with malware. LNK files are also reportedly involved in their latest campaign.


Threat actors have been pivoting away from their usual VBA macro campaigns. They continue to experiment to see which email-based malware campaigns will effectively spread malware and bypass the victim's MOTW (Mark of the Web) protection.

Experts have observed about a 175% increase in incidents involving the use of LNK, RAR, and ISO files.

