What are macros and how are they being used to hack into your system

What is a Macros virus?

A macro, fundamentally, is an action or set of actions that can be run repeatedly. It is widely used in Microsoft applications, such as Excel and Word to record mouse clicks and keystrokes to help automate tasks. Hackers convert macros into viruses by embedding malicious scripts that can harm your system.    

Can macros be used to hack people?

Yes. Macros are being used by hacker’s globally to break into systems by baiting humans, as they are the weakest security link. 

How do hackers exploit macros to infect your system?  

Hackers create documents using the macro function in Microsoft documents, such as Excel and Word. They embed it with malicious code/script and send it to people in various organizations by creating email addresses that mimic internal email addresses. When the recipient gets an email and tries to open the document, it prompts an option to ‘Enable Macro’. If the user thinks the source is trust-worthy and enables the macro, the embedded script which was hidden in the file downloads an open source virus from the internet. It then infects the user’s system with that virus.  

Why are macro based virus attacks on the rise?

We have entered the era of automation. People are automating mundane tasks to save time. Most organisations have internal files that are used to track daily activities. Macros help them complete the work faster. Hackers use this as an opportunity to exploit people that are not educated about security.

Why does your anti-malware not detect macro-based viruses?

Macros are a legitimate functionality in Microsoft documents. This means that it is difficult for an anti-virus software to detect it accurately. In a recent security breach, Macros were used to infect the impenetrable Mac OS systems. After an audit, it was found that only 4 Anti-Virus(AV) engines were able to flag it as a malicious.                   

What is the practical solution to avoid macro-based attacks? 

Think Secure Security Education (TSSE) is designed to ensure that you and your staff are aware of the latest security threats. We use the Hollywood style storytelling platform to deeply engage your staff and educate them about the latest security breaches. Each episode is animated, 3-4 mins long and has quizzes towards the end.


In NINJIO’s Season 3, Episode 5, a routine day at air traffic control turns dangerous when the system begins to glitch? Macro-based malware made it into the organization’s system, rendering their equipment useless.? The result could put innocent lives at stake.? Whenever an email is received with an attachment containing macros, it’s a best practice to verify who sent the file and whether or not it should be trusted. Watch an episode now

Macros in the news

Tripwire looks at the malware called BlackEnergy and its attempts to shut down an airport in Ukraine.

This Spiceworks article dives into the dangers of bypassing the IT department or specialists within an organization.

It’s a Wild, Wild Word: New Macro Malware Now Infecting Both Windows and Mac OS

Security Intelligence looks at the dangers of macro-based malware as it begins to hit more operating systems.

The University of Tulsa looks at causes of breaches and hacks, focusing on the importance of emphasizing an organizational commitment to security awareness.

Azriel Dsouza

Norman Johnston
"The most powerful motivating factor for employees is seeing tangible progress whilst performing meaningful work. Effective information Technology achieves this objective."

Norman Johnston
Think I.T. Team


Are your employees up to date on their security awareness?

Cyberwarfare is a part of a new reality as evidenced by the distributed denial-of-service (DDoS) attacks targeting the websites of the Ukrainian defence ministry, army, and two of the country’s largest banks several days before the Russian invasion. These were the most significant attacks of this kind the country has ever faced, according to government officials. The U.S....  more...