What is VSTO and how can it be used to implement an Office backdoor?

VSTO (Visual Studio Tools for Office) is a framework for customizing Office applications with add-ins. Attackers can create a VSTO add-in (e.g., a Word Add-in) that executes malicious code when Office starts. As detailed in Office backdoor implemented using VSTO, this provides a stealthy persistence mechanism that loads even when macros are disabled.