Hackers are increasingly using Microsoft Office macros to deliver malware to victims, according to the security vendor Trend Micro.
Appearing as a seemingly benign attachment, the Excel and Word documents come embedded with a set of instructions, or macros, that are supposed to automate repetitive tasks, but are in fact malevolent.
Maydalene Salvador, anti-spam research engineer at Trend Micro, wrote on the firm’s blog: "Spam with macro-based malware typically make use of social engineering lures like remittance and invoice notifications, emails related to tax and payment slips, payment confirmation, purchase orders, etc.
"Most of the spammed emails even contain so-called shipping codes in the email subject to appear authentic."
Attackers are now using macro-based malware to install data-stealing malware such as Upatre and malawe used to install other viruses such as Bartalex, which has been programmed to behave differently depending on which operating system it is run on.
Figures from the company show a rise in macro-related spam since October last year, indicating the firm that it may continue to rise over the coming months.
As such users are advised to be cautious about opening email attachments, even if they are familiar with the sender, and to ignore emails from unknown sources.