In the 3rd quarter of 2020, around 38% of all downloadable malware were found hidden in Office documents – In the first quarter of 2021, this rate decreased slightly to 34%, only to set new records by touching 43% in the next quarter.
Microsoft Office documents help tens of hundreds of millions of users in their daily online tasks around the globe. At the same time, these documents are a lucrative way for cybercriminals to distribute malware.
To trick users into downloading malware, attackers infect Office docs by creating malicious macros and send these files to unsuspecting users through emails. Usually, people easily get tricked into enabling macros as MS Office, and hence, they open the malicious file without thinking twice.
For your information, macro refers to commands bundled together for completing a particular task automatically.
43% of All Malware Downloads are Hidden in Office Docs
According to researchers at Atlas VPN, nearly 43% of all malware downloads are hidden in infected MS Office documents. Such files are quite popular among threat actors because they can easily evade detection from a majority of antivirus software.
It is worth noting that Atlas VPN’s findings are based on another report titled Netskope Threat Lab Cloud and Threat Report: July 2021 Edition, which covered how cybercriminals were exploiting Office docs.
In their research, Netskope Threat Lab assessed documents from different platforms, including Google Docs and PDF files apart from Microsoft Office 365.
Malicious Office Documents A Persistent Threat
According to the report, in the second quarter of 2020, around 14% of all downloadable malware were found hidden in Office documents, and by the third quarter of 2020, this percentage jumped to 38%, mainly due to increased reliance on remote working.
In the first quarter of 2021, this rate decreased slightly to 34%, only to set new records by touching 43% in the next quarter.
EMOTET is Most Widely Used Malware
Researchers identified that EMOTET was one of the most dangerous malware found in Word documents. It was disrupted in 2021 by the collective efforts of global law enforcement agencies and cybersecurity companies.
Remember, EMOTET was a persistent malware as it allowed the installation of other malicious software like ransomware, information stealers, and trojans.
Nevertheless, Trend Micro’s research confirms that EMOTET is still being distributed by targets that are already compromised by the notorious malware. For example, Emotet was associated with other threats including Trickbot and Ryuk malware, the latter representing one of the most notorious ransomware families.
