Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


Amongst all the 160,000 documented files, the users discovered that 90% of the files have used Excel 4.0 (XLM) macros. However, if users come across a document that typically includes XLM macros, then it verifies that its macro will be destructive.

After evaluating the harmful attack, the professionals familiarized that they are handling the Quakbot household. Security scientists have actually explained further that the hackers behind Quakbot typically disperse all their payloads in the kind of an Excel file.

The Excel 4.0 macros are being continually adjusted by the threat stars. just recently professionals have found that hackers are abusing Excel 4.0 macros to spread out ZLoader and Quakbot malware.


To know all its key details, the professionals have actually downloaded all the recorded files of Excel up to November 2020, that consist of almost 160,000, as we informed earlier.

Analytical Analysis & & Data.

Its not the first time hackers are abusing Excel 4.0; the majority of the hackers attack Excel to spread their malware in the whole system.

According to the cybersecurity researchers, XLM macros are a tradition Office choice, and consequently, it offers a small possibility that the brand-new documents would utilize them instead of more “contemporary” VBA macros.

In a report, the cybersecurity scientists stated that Excel4 (XLM) macros are a tradition scripting language that was first launched in 1992..

However, these XLM macros download and perform a malicious second-stage payload retrieved from a remote server. Thats why the cybersecurity researchers affirmed that it is really important that Macros needs to get decrypted as quickly as possible.

Furthermore, the experts came to know that the malware fooled the users into allowing macros with convincing messages, but they have also included embedded files containing XLM macros.

Quakbot Specimen.

The Excel macros are rather old, however hackers are targetting them since it supplies courses to access all the effective functionalities like interaction with the operating system (OS).

The experts came to know about this malware through a study of 160,000 Excel 4.0 files between November 2020 and March 2021. After a correct investigation, they discovered that 90% of the file files were determined as destructive..

Thats why the hackers attempt to encourage their targets to allow macros so that they can quickly decrypt the content. The messages that the hackers send out are rather convincing, and therefore most of the time, users fall for their trap.

You can follow us on Linkedin, Twitter, Facebook for day-to-day Cybersecurity, and hacking news updates.