Keep your eyes open for fishy Microsoft Office attachments attached to emails in your inbox. They could actually contain dangerous malware that cybercriminals can use to infect your computer and even drain your bank accounts.
The malware is referred to as VBA malware because it's actually embedded within a Microsoft Office file using the Visual Basic for Applications programming function. This function has plenty of legitimate uses, but hackers can also use it to hide malware in seemingly innocent files.
Indeed, over the past six months, malware that arrives as a VBA program inside an innocent-looking document has become an all-too-common occurrence in the threat landscape, and an essential weapon in spam campaigns.
About 83% of the time, this kind of malware is embedded in Word 1997-2003 documents. It can also be found in Excel files and, very rarely, in PowerPoint files, too. There has also been a rise in attacks lately using an old, somewhat obscure XML file format that was introduced with Office 2003 that could make it even harder for your security program to detect.
Perhaps, also, malware authors hope that the rarity of XML-type files means that some security products are unable to deconstruct it properly.
In a document that Naked Security looked at recently, a downloader for the Dridex banking Trojan was hidden within the Word document. This Trojan is designed to steal online banking credentials, so hackers can access your accounts.