Threat Actors Increasingly Using VBA Purging in Attacks
Initially detailed in February 2020, VBA purging involves the use of VBA source code only within Office documents, instead of the typically compiled code, and ensures better detection evasion. Malicious Office documents have VBA code stored within streams of Compound File Binary Format (CFBF) files, with Microsoft’s specifications on VBA macros (MS-OVBA) storing VBA data…