When creating a harmful Office document that runs code when opened, what specific programming language is usually hidden inside it?

The specific programming language usually hidden inside a harmful Office document that runs code when opened is Visual Basic for Applications, commonly known as VBA. VBA is a programming language developed by Microsoft that is integrated directly into Microsoft Office applications like Word, Excel, and PowerPoint. It allows users to automate tasks, create custom functions, and extend the functionality of these applications through what are called macros. A macro is a sequence of commands and instructions written in VBA code that can be executed to perform a specific action or set of actions. When a harmful Office document is created, malicious VBA code is embedded directly within the document file itself, often within specific file formats designed to support macros, such as .docm for Word or .xlsm for Excel. When a user opens such a document, the embedded VBA code can be triggered to run. Modern Office applications typically display a security warning and require the user to explicitly enable macros before the code will execute, but if the user bypasses this warning, the malicious VBA macro runs. This capability allows the code to interact with the Office application's features, manipulate document content, and, critically, interact with the underlying operating system. For example, a malicious VBA macro can be programmed to download and execute malware from the internet, steal sensitive information from the user's computer, or launch other system commands without the user's direct knowledge or consent, making it a common method for attackers to compromise systems.