Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


Of the 160,000 recorded files, 90% were found to use Excel 4.0 (XLM) macros. If users come across a document that includes XLM macros, it is taken as confirmation that the macro will be malicious.

To understand the essential details, the experts downloaded all the documented Excel files up to November 2020, nearly 160,000 in total, as noted above.

Additionally, the experts found that the malware tricked users into enabling macros with persuasive messages, but they also featured embedded files containing XLM macros.


These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers affirmed that it is crucial for macros to be decrypted as quickly as possible.


That's why the hackers try to encourage their targets to enable macros so that they can quickly decrypt the content. The messages that the hackers send are quite persuasive, and for that reason users fall for their trap most of the time.

It's not the first time hackers have abused Excel 4.0; the majority of hackers attack Excel to spread their malware across the entire system.

Excel 4.0 macros are being continually adapted by threat actors. Recently, experts discovered that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

According to the cybersecurity researchers, XLM macros are a legacy Office feature, so there is only a small chance that new files would use them instead of the more “modern” VBA macros.

Analytical Analysis & Data

Excel macros are rather old, but hackers are targeting them because they offer access to powerful functionality such as interaction with the operating system (OS).

In a report, the cybersecurity researchers noted that Excel4 (XLM) macros are a legacy scripting language that was first released in 1992.

After examining the malicious attack, the experts determined that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot frequently distribute their payloads in the form of an Excel document.

Quakbot Specimen

The analysts learned about this malware through a study of 160,000 Excel 4.0 documents between November 2020 and March 2021. After examination, they found that 90% of the document files were identified as malicious.