Macros can do anything that the user context of the program itself can do. They are executable programs. For example, they could contain a native executable, which is dropped onto the filesystem and then executed. If the user runs the program (e.g. Word) as an administrator, then the macro's payload now has full control over the system.
In general you should avoid macros like the plague. They're difficult to properly audit, since event callbacks can be used to hide code all over the place. Untrusted documents should be opened in a sandboxed environment (e.g. via Sandboxie, or in a VM) and the office application should be configured to block macros by default, either entirely or with a prompt to allow once.
Since vulnerabilities in common document applications (e.g. Adobe Reader, Microsoft Office, etc.) are widely targeted, it can be useful to use alternatives (e.g. FoxIt or LibreOffice) that aren't as common. This is a security through obscurity method, but it has a tangible use-case here. I also highly recommend installing Microsoft EMET and configuring it for any application that commonly accesses untrusted data, including web browsers and office programs. This will usually prevent a huge portion of exploits from working properly, as long as they haven't been explicitly written to target EMET-protected systems.
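As an added example (not part of the answer above), here is a pre-open triage check for the "untrusted documents" point: it inspects an OOXML document for the markers Office itself uses to carry VBA (a `vbaProject.bin` part and the `macroEnabled` / `ms-office.vbaProject` content types) before anyone opens the file. The sample archives are constructed inline and are not real Word documents; legacy OLE files (.doc/.xls) are only flagged as needing an OLE-aware parser such as oletools' olevba.

```python
import io
import zipfile
from typing import List

# Magic bytes of the legacy OLE2 compound file container (.doc, .xls, .ppt).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Substrings of [Content_Types].xml that only macro-enabled OOXML files declare.
MACRO_CONTENT_TYPE_MARKERS = (b"macroEnabled", b"ms-office.vbaProject")


def macro_indicators(data: bytes) -> List[str]:
    """Return reasons the document appears to carry VBA; an empty list means none found."""
    reasons: List[str] = []
    if data.startswith(OLE_MAGIC):
        # Binary formats need an OLE parser; never report them clean on a ZIP check alone.
        return ["legacy OLE container: inspect with an OLE-aware tool before trusting"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            for name in names:
                if name.lower().endswith("vbaproject.bin"):
                    reasons.append(f"VBA project part present: {name}")
            if "[Content_Types].xml" in names:
                content_types = zf.read("[Content_Types].xml")
                for marker in MACRO_CONTENT_TYPE_MARKERS:
                    if marker in content_types:
                        reasons.append(f"content type declares {marker.decode()}")
    except zipfile.BadZipFile:
        reasons.append("not a ZIP/OOXML container: unknown format, do not assume clean")
    return reasons


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped archive (a placeholder, not a real Word file)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if macro
               else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    if macro:
        overrides += '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", f"<Types>{overrides}</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()
```

A document that returns any reason should be treated as macro-bearing and opened only in the sandboxed environment the answer describes, regardless of its file extension.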