Malware authors don't necessarily need to trick users to enable macros to run malicious code. An alternative technique exists, one that takes advantage of another legitimate Office feature.
Cyber-security firms McAfee and FireEye have both disclosed in-the-wild attacks with a new Microsoft Office zero-day that allows attackers to silently execute code on targeted machines and secretly install malware.
A large SPAM campaign is underway where victims receive an email that pretends to be a requested invoice and contains a password for a password protected encrypted Word document attachment. These password protected word documents contain embedded VBScript files that will download and install the Urlsnif keylogger.
After last month security researchers discovered the first-ever Word document spreading macro malware on macOS, last week, researchers from Fortinet spotted a Word document that contained macro scripts that distributed both Windows and macOS malware at the same time, depending on the OS it managed to infect.