The Zloader banking malware is a banking trojan designed to steal credentials and other private information from users of targeted financial institutions. The attack marries functions in Microsoft Office Word and Excel to work together to download the Zloader payload, without triggering an alert warning for end users. The initial attack vector is inbox-based phishing messages with Word document attachments that contain no malicious code. The macro-obfuscation technique leverages both Microsoft Office s Excel dynamic data exchange (DDE) fields and Windows-based Visual Basic for Applications (VBA) to launch attacks.
Source: https://threatpost.com/microsoft-office-malware-protection-bypass/167652/