Macro virus

A macro virus is specific type of virus written in macro, a programming language for automating repeated tasks.

What is a macro virus?

With malware like ransomware, spyware, computer worms, and certain Trojan horses attacking our privacy and financial security, legacy threats like viruses have taken a backseat for a few reasons. For one, while viruses can be destructive to our data, they can’t hijack our computers for ransom or snoop on us. For the other, your operating system's baked-in security software can stop most viruses with signature-detection technology.

However, there is a subset of PC viruses that can be hard for default security tools to detect or remediate, and that shares characteristics with more threatening types of malware. It can even drop other malware. So, let’s learn more about these macro viruses.  

Macro virus definition

In terms of cybersecurity, a macro virus is a kind of virus that’s written in macro, a programming language rooted inside software applications like Microsoft Office. This programming language is handy because it allows users to automate tasks into a few keystrokes and enhance workflow. Unfortunately, the language is also vulnerable to the macro virus.

Like a typical virus, a macro virus operates by injecting its code into macros attached to the type of popular data files associated with office work, like Microsoft Word, Excel, or PowerPoint files. It can also infect content like ActiveX controls or COM add-ins. Once a macro virus is part of the automated process of a macro, it only needs you to activate the files or enable the macro to potentially perform any of the following actions:

  • Delete files
  • Corrupt files
  • Move files
  • Send files
  • Format storage drives
  • Drop pictures
  • Drop other more prolific malware

What are the characteristics of a macro virus?

A macro virus shares the traits of a typical computer virus. Like a regular computer virus, a macro virus needs human interaction to activate. However, much like Trojan horse malware, a virus can deliver other malware to your system. It also uses deception like a Trojan to spread by hiding under seemingly legitimate files.

Can Macs get a macro virus?

There’s a popular misconception that Macs can’t contract a malware infection, partially thanks to Apple’s 2006 marketing strategy. But, yes, Macs can get viruses, even macro viruses, because macro viruses attack software independent of the operating system (OS). In fact, in 2017, security researchers found a macOS virus that may have had spyware-like capabilities. It would check for the Mac outgoing firewall called Little Snitch before attempting to install a second-stage component.

How does a macro virus affect the computer?

A macro virus can affect a computer’s performance by slowing it down, crashing programs, or forcing the blue screen error. You may also see more subtle symptoms like unexplained error messages, uncharacteristic password requests from files, and documents with strange extensions. Advanced symptoms include missing data, a computer that won't boot the operating system, and infected emails sent to your contacts without your permission.

What is a Microsoft Word macro virus?

A macro virus can use Microsoft Word as a vehicle by hiding inside a Word document’s macro. Once you open the infected document, it will corrupt your system by piggybacking on other files. To counter the threat of malicious documents, you can disable the use of macros (if macros are not something you use).

What is an example of a macro virus?

One of the earlier macro viruses was called Concept. It spread quickly through infected documents and Microsoft CDs, though it wasn't particularly harmful. The Melissa virus was a more disruptive macro virus, which also attacked Word documents and spread through emails marked “important message.” A judge sentenced Melissa’s creator to 20 months in prison and fined him after the malware impacted thousands of computers, causing over $80 million in damage. Also noteworthy is the Mac virus that exploited Microsoft Word macros in 2017 mentioned above.

How to stop macro viruses

Macro viruses may require more vigilance than average viruses. For example, with Microsoft disabling macros by default to protect users, macro viruses may trick you into enabling them to wreak havoc. So, if you do not use macros, you likely would want to ignore a suspicious document’s request to enable macros in order to keep these macro viruses at bay.

You can also neutralize common macro virus threat vectors like email attachments by scanning your email with antivirus software and using your spam filter. Likewise, never open any unsolicited email, especially if it carries an innocent-looking document. In general, to help block different types of threats, ensure that you install software updates when they come in and run a quality antivirus/anti-malware program to protect your computer. 

How to remove macro viruses

If you think you may already have a macro virus (or other type of malware) on your computer, the first thing you want to do is use a virus scanner to check. You can try Malwarebytes free scanner to check for viruses and malware. If you find a virus or malware, you can clean it from your computer. For ongoing protection, consider Malwarebytes Premium to regularly scan your computer for viruses and malware, and remove any that's found. 

Select your language