Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


Among the 160,000 documented files, it was discovered that 90% of the files used Excel 4.0 (XLM) macros. If users encounter a file that contains XLM macros, that indicates its macro will be harmful.

Quakbot Specimen.

The experts learned about this malware through a survey of 160,000 Excel 4.0 files between November 2020 and March 2021. After investigation, they discovered that 90% of the files were recognized as harmful.

In a report, the cybersecurity researchers mentioned that Excel4 (XLM) macros are a legacy scripting language that was first launched in 1992.

After analyzing the malicious attack, the researchers learned that they were dealing with the Quakbot family. They further explained that the hackers behind Quakbot often distribute all their payloads in the form of an Excel file.



According to the cybersecurity researchers, XLM macros are a legacy Office option, and consequently there is only a small chance that new files would use them instead of the more “contemporary” VBA macros.

It's not the first time hackers have abused Excel 4.0; many hackers attack Excel to spread their malware throughout the system.

Analytical Analysis & Data.

Furthermore, the researchers learned that the malware tricked users into enabling macros with convincing messages; they have also included embedded files containing XLM macros.

Excel macros are quite old, but hackers are targeting them because they provide ways to access powerful functionality such as interaction with the operating system (OS).

Excel 4.0 macros are being continuously adapted by threat actors. Recently, researchers identified that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers affirmed that it is essential that macros get decrypted as quickly as possible.

However, to learn all the key details, the researchers downloaded all the documented Excel files up to November 2020, which amount to nearly 160,000, as mentioned earlier.

That's why the hackers try to persuade their targets to enable macros so that they can quickly decrypt the content. The messages that the hackers send are quite convincing, and so users fall for the trap most of the time.
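Since the presence of XLM macros is itself the signal described above, a mail or file gateway can triage workbooks for Excel 4.0 macro sheets before a user is ever asked to enable macros. The following is an added example, not code from the report: it covers only OOXML workbooks (.xlsx/.xlsm, not legacy .xls), `triage_workbook` and `build_sample` are hypothetical names, and the sample workbook is constructed inline.

```python
import io
import re
import zipfile

MACROSHEET_PREFIX = "xl/macrosheets/"  # OOXML part location of Excel 4.0 (XLM) macro sheets


def triage_workbook(data: bytes) -> dict:
    """Report XLM macro indicators in an OOXML workbook supplied as raw bytes."""
    report = {"macro_sheets": [], "hidden_sheets": [], "auto_open": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        report["macro_sheets"] = sorted(
            n for n in names if n.startswith(MACROSHEET_PREFIX) and n.endswith(".xml"))
        if "xl/workbook.xml" in names:
            wb = zf.read("xl/workbook.xml").decode("utf-8", errors="replace")
            # Sheets marked hidden or veryHidden are not shown as tabs to the user
            for tag in re.findall(r"<sheet\b[^>]*>", wb):
                state = re.search(r'\bstate="(hidden|veryHidden)"', tag)
                name = re.search(r'\bname="([^"]*)"', tag)
                if state and name:
                    report["hidden_sheets"].append((name.group(1), state.group(1)))
            # An Auto_Open defined name starts the macro once macros are enabled
            report["auto_open"] = bool(re.search(
                r'<definedName\b[^>]*\bname="(_xlnm\.)?Auto_Open', wb, re.I))
    # Any macro sheet at all is treated as grounds for quarantine and review
    report["suspicious"] = bool(report["macro_sheets"])
    return report


def build_sample() -> bytes:
    """Constructed sample: a minimal zip laid out like an .xlsm with a hidden macro sheet."""
    workbook = (
        '<workbook><sheets><sheet name="Invoice" sheetId="1" r:id="rId1"/>'
        '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/></sheets>'
        '<definedNames><definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>'
        '</definedNames></workbook>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", workbook)
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        zf.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_workbook(build_sample()))
```

The check inspects container structure only and never evaluates macro content, so it is safe to run inline on untrusted attachments.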