With macro execution now disabled by default in Office apps, this is just one of the many new phishing techniques that will likely rise to take its place. As with any phishing technique, the best way to prevent it is to make end users aware of the new threat through user education. There are, however, some possible detections that can alert on this activity. One is to monitor for VSTO file creations close in time to an Office document creation on the same host. It may also be possible to detect this through Office processes spawning a suspicious process, but our analysts have not yet observed the process chain for this activity in our lab to confirm. In the end, the best approach for any organization is a defense-in-depth strategy, so that even if one security control fails or is bypassed, this activity is detected at a different stage in the attack chain.
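The first detection above, sketched as an added example (not code from the original article): it groups file-creation events by host and flags any VSTO file created within a time window of an Office document. The event field names, the extension lists and the 120-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumptions (not from the article): extension lists and the 120-second window.
VSTO_EXT = {".vsto"}
OFFICE_EXT = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx"}
WINDOW = timedelta(seconds=120)

def correlate(events, window=WINDOW):
    """Return (host, office_path, vsto_path, gap_seconds) for each VSTO file
    created within `window` of an Office document on the same host."""
    docs, vstos = {}, {}
    for ev in events:
        ext = PureWindowsPath(ev["path"]).suffix.lower()
        ts = datetime.fromisoformat(ev["time"])
        host = ev["host"].lower()  # normalise host names before grouping
        if ext in OFFICE_EXT:
            docs.setdefault(host, []).append((ts, ev["path"]))
        elif ext in VSTO_EXT:
            vstos.setdefault(host, []).append((ts, ev["path"]))
    alerts = []
    for host, created in vstos.items():
        for v_ts, v_path in created:
            for d_ts, d_path in docs.get(host, []):
                gap = abs(v_ts - d_ts)  # either file may be written first
                if gap <= window:
                    alerts.append((host, d_path, v_path, gap.total_seconds()))
    return sorted(alerts)

# Constructed sample file-creation events (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    {"host": "WS-014", "time": "2023-02-06T09:14:02", "path": r"C:\Users\a.lee\Downloads\Invoice\Invoice.docx"},
    {"host": "WS-014", "time": "2023-02-06T09:14:03", "path": r"C:\Users\a.lee\Downloads\Invoice\addin\Loader.vsto"},
    {"host": "WS-022", "time": "2023-02-06T09:14:05", "path": r"C:\Users\b.kim\Documents\Report.xlsx"},
    {"host": "WS-031", "time": "2023-02-06T08:00:00", "path": r"C:\Users\c.roy\Documents\Budget.xlsm"},
    {"host": "WS-031", "time": "2023-02-06T11:30:00", "path": r"C:\Dev\MyAddin\bin\MyAddin.VSTO"},
]

if __name__ == "__main__":
    for host, doc, vsto, gap in correlate(SAMPLE_EVENTS):
        print(f"[ALERT] {host}: {vsto} created {gap:.0f}s from {doc}")
```

Hosts where VSTO add-ins are legitimately built or deployed will also match, so the window and any path exclusions need tuning per environment.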
Source
https://www.bleepingcomputer.com/news/security/hackers-weaponize-microsoft-visual-studio-add-ins-to-push-malware

