Researchers from McAfee Labs stumbled upon a novel tactic that “downloads and executes malicious DLLs (ZLoader) without any malicious code present in the initial spammed attachment macro” ZLoader infections propagated using this mechanism have been primarily reported in the U.S., Canada, Spain, Japan, and Malaysia. The malware is a descendant of the infamous ZeuS banking trojan known for aggressively using macro-enabled Office documents as an initial attack vector to steal credentials and personally identifiable information from targeted financial institutions.
Source: https://thehackernews.com/2021/07/hackers-use-new-trick-to-disable-macro.html