Since the term "phishing" first appeared in the 1990s, it is by far the most common attack performed by cybercriminals. Phishing exploits "social engineering" to psychologically manipulate the victim into clicking on a link or opening a malicious attachment, etc., to steal the victim's sensitive information. Over time, phishing tactics have become increasingly sophisticated. Macro malware has also grown in popularity over the years. It easily conceals itself in Microsoft Office files and is spread via email attachments or ZIP files. By combining phishing and macro malware, the project aims to develop and program a functional malware demonstrator that spreads the content of documents and e-mail attachments. Analysis of related subjects, formulation of hypotheses, and implementation of specific experiments are the research methodologies used. The project simulated a real-life phishing attack with two main factors: malware macro and the hacker's server. Macro Malware was developed on Microsoft Excel using Visual Basic for Applications (VBA) and Visual Basic Script (VBS). The functionalities of a malware macro include hiding in an attachment, running automatically on opening files, setting up a remote connection with the hacker's server, and hiding communications with the remote server on the victim's computer. The hacker's server is developed in Python and uses the Socket Programming Method to directly control the victim's computer through Malware Macro. This project focuses on the development of Macro Malware, which exploits functionalities provided by Microsoft Office Applications in a "malicious" manner. This has made anti-virus software detection and warning extremely difficult. The aim of this project is also to help readers understand the process lifecycle of a phishing attack with Malware Macro, which in turn will increase the awareness of these phishing attacks and the techniques being used.