Malicious actors are always looking for a way to deliver their malware to their targets. Recently, they have resorted to distributing malicious Office documents containing VBA macros. This method is often effective because all the user needs to do is click “Enable Macros” displayed in the document and code execution is achieved. They often rely on social engineering in order to persuade the target to run the macro. For example, a recent campaign has revealed that the authors will have the document display “encrypted” text. It will then ask the user to click “Enable Macros” in order to decrypt it. Once the macro is ran, it hides the “encrypted” text and then reveals actual readable text.
more here......https://enigma0x3.wordpress.com/2015/03/18/removing-the-password-from-malicious-vba-projects/
more here......https://enigma0x3.wordpress.com/2015/03/18/removing-the-password-from-malicious-vba-projects/