According to researchers at Proofpoint, the use of traditional macro attachments dropped by recently because Microsoft started blocking them by default. In response, attackers pivoted to using RAR and ISO attachments to trick users into manually extracting and running the malicious files.
Interesting Reads on the Topic
Macro-Blocking & How Threat Actors Are Adapting - Proofpoint
Office Macro Downloader.rar
Once enabled, the macro (VBA code) runs in the background. It usually isn't the virus itself; it's a "downloader" that reaches out to a remote server to pull down the actual malware, such as ransomware or a credential stealer.
Why This is Trending Again
Because Microsoft has been cracking down on Office macros, threat actors have started hiding their malicious files inside container formats like RAR or ISO to bypass security filters.
Historically, hackers sent .doc or .xls files directly. Now, they use a multi-step "infection chain":
"Are threat actors turning to archives and disk images?" provides a technical look at how .rar and .iso files help bypass "Mark of the Web" security tags.