According to researchers at Proofpoint, the use of traditional macro attachments dropped by recently because Microsoft started blocking them by default. In response, attackers pivoted to using RAR and ISO attachments to trick users into manually extracting and running the malicious files.

Interesting Reads on the Topic
Here’s a breakdown of why that specific file type is so interesting from a security perspective:

The "Macro-Archive" Strategy

Office Macro Downloader.rar
Macro-Blocking & How Threat Actors Are Adapting (Proofpoint) explains the shift from Office files to archives like RAR.