We stand with Ukraine to help keep people safe. Join us

Tags Malware Threats Malware

What is a Macro Virus: Symptoms, Examples, and Prevention

Table of contents

It’s a day like any other. You’re going through your inbox. You open an email from a friend and they’ve attached a Word document. Looks interesting! You download it, open it and…


This is how quickly you can be tricked into infecting your computer with a macro virus. Once on your computer, it can carry out a number of malicious actions such as infecting your email contacts, stealing your passwords, and even gaining control over your webcam.


But don’t worry, we’re here to show you how to prevent macro viruses from infecting your devices.


Pro tip: No computer is immune to malware. Luckily, Clario is here to help. It runs deep system scans and protects you from malware in real-time. Best of all, it has built-in 24/7 support from live security experts. Enjoy Clario and keep your digital life safe.

What is a macro virus?

A macro virus is a piece of malicious code written in the same macro language used in everyday applications, such as Microsoft Word, Excel, and Powerpoint. The attack code commonly hides in documents and spreadsheets and is activated as soon as you open the file.


Once the macro virus has infected one of your applications, it triggers malware designed to cause damage to your computer and further spread the virus. Since the code runs on software and not on operating systems, it can infect any computer, even your Mac.

How does a macro virus work?

To unleash macro viruses, cybercriminals create a malicious code, insert it into documents, and then trigger it to run as soon as you enable any macros. To better understand how it works, let’s discuss what a macro is.  


A macro (short for “macroinstruction”) is a kind of code designed to instruct applications like Excel and Word to perform certain actions. Macros are intended to make your life easier by speeding up or eliminating repetitive tasks.


For example, a real estate agent may need to add a client’s personal information to multiple documents every time he sells a house. The agent can use Microsoft Word’s macros to record and automate the frequently used formatting settings. This way, he can fill up numerous documents with the press of a button and save valuable time.


Now here comes the caveat: malicious macros can be created just as easily as helpful ones. But instead of instructing applications to perform helpful tasks, a macro virus wreaks havoc on your computer by setting destructive activities in motion. It could end up corrupting your data, reformatting the hard drive, and creating new files.  

How do macro viruses spread?

Macro viruses spread easily and silently. First, they infect other documents on your computer. If you send one as an attachment in an email, you will have inadvertently sent the virus to your recipient. Secondly, a macro virus can quickly gain access to your email contacts, then resend the infected document to your contacts on your behalf. This is known as a phishing email.


You may be wondering how a macro virus can end up on your computer. Unfortunately, it’s surprisingly easy to pick one up when you’re going about your daily online business. You may catch malicious macros from the following sources:

  • Phishing emails with infected attachments
  • Files from the internet
  • Files from a home network, company intranet, or public Wi-Fi
  • Files stored on external storage devices like flash drives, hard drives, and discs

Hackers use social engineering techniques or psychological manipulation to get people to click on malicious links or infected files lurking in your email or on a USB flash drive your friend lent you.

What is Microsoft doing about this problem with macros?

Macros in Microsoft Office used to be enabled by default. However, following increasing numbers of macro virus attacks, Microsoft made the decision to disable them.


Now, macros are disabled by default in all versions of Microsoft Office, from 2000 onwards. When you open a document containing macros, Office will ask you if you’d like to enable them.


This certainly reduces the risk that you’ll catch a macro virus. However, cybercriminals are nothing if not persistent and still find ways to trick users into enabling macros and infecting their devices with malware.

What are some macro virus examples?

Macro viruses had their heyday in the nineties. With the growing sophistication of antivirus software, hackers are reviving their old tricks — with a twist.  


Here are some examples of macro viruses that have wreaked havoc on our digital world.



In 1995, a virus called Concept became the first macro virus to spread through Microsoft Word. Microsoft shipped out hundreds of CD-ROMs called “Microsoft Compatibility Test” that accidentally included the virus. From there, users inadvertently spread the virus via infected email attachments.


While Concept didn’t have the capability to send itself via email, it was a forerunner to the Melissa virus, which very effectively diffused itself.



In 1999, the Melissa virus spread via an infected Word document through email. The email contained the message:


“Here is the document you asked for … don't show anyone else ;-).”


The attachment was usually called list.doc. When the recipient opened the document, the virus infected their computer and sent itself to the first 50 people in the user’s email address book. It caused the virus to spread rapidly with estimates suggesting it  went on to infect more than a million computers.


Attack on Macs

In 2017, hackers created a macro virus specifically targeting Macs. The virus spread via email in a macro virus-infected Word document titled “U.S. Allies and Rivals Digest Trump's Victory — Carnegie Endowment for International Peace.docm.”


When the user opened the document they would see the familiar dialogue box inviting them to enable the document’s macros. Doing so infected the user’s computer with malware, allowing hackers to access the user’s browser history, monitor webcams, and steal passwords and encryption keys.

How do I know if my computer is infected with macro virus?

Macro viruses are tricky to detect. You may only realize your computer is infected once you start getting calls from your contacts asking about a strange email you supposedly sent.  


Here are some other macro virus symptoms to look out for are:

  • Your computer is running slower than usual
  • Strange changes being made to your documents
  • Menu items missing from your software application
  • The appearance of unusual dialog boxes you don’t normally see
  • Your computer saving files as “templates”
  • Your computer asking you for passwords to access files that are not usually password protected

Needless to say, macro viruses can greatly affect the performance of your computer so it's important that you learn how to prevent them from infiltrating your device.

How to prevent a macro virus attack?

Hackers use cunning tricks, so manually removing a macro virus isn’t easy. That’s why macro virus prevention is by far the most effective way to avoid an attack. Here are some simple, yet highly effective actions you can take now to enhance your protection.


  • Use an antivirus. Trusted antivirus software will warn you if you attempt to access any suspicious files or links. Follow these steps to protect your device with Clario, an all-in-one security app:

1. Download Clario


2. Create your Clario account

Create a Clario account

3. Scan your device for macro viruses and other types of malware

Scan for computer worms and other malware

4. Switch on real-time antivirus protection to keep any malware at bay 24/7

Activate real-time antivirus protection
  • Filter out phishing emails. The fewer spam emails you come across, the less chance you’ll be tricked into downloading something you shouldn’t.
  • Update all software and patches. Always keep your operating system and programs up to date for maximum security.
  • Don’t open attachments from unknown senders. Why would this person have your email address? Always avoid opening emails from people you don’t know.
  • Don’t open suspicious-looking attachments, even if they’re from someone you know. This is a very common way for macro infection to spread.
  • Avoid clicking on banner ads. It’s possible you could download a document containing a macro virus by clicking on malicious links in ads. Be careful what you click.
  • Make sure macros are disabled on your Microsoft Office programs. And don’t allow cybercriminals to trick you into enabling them.

You can disable macros on Microsoft programs by following these steps:

  1. Go to the Word or Excel Menu
  2. Choose Preferences from the dropdown options
  3. Click on Security
  4. Select Disable All Macros Without Notification


* * *


Macro viruses are now more sophisticated than when they first came out in the nineties. They’re more damaging and can even be used to activate other malware attacks.  


These viruses hide behind the cloak of trusted applications, so avoiding them may not always be easy. Now more than ever, you need to make sure you’re taking extra precautions and that you’re armed with the right antivirus software.

Keep reading

With our anti-malware on, viruses have no chance of passing through.

Get started