From thehackernews.com
With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their tactics, techniques, and procedures (TTPs).
“The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022,” Proofpoint said in a report shared with The Hacker News, calling it “one of the largest email threat landscape shifts in recent history.”
In its place, adversaries are increasingly pivoting away from macro-enabled documents to other alternatives, including container files such as ISO and RAR as well as Windows Shortcut (LNK) files in campaigns to distribute malware.