Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot



It's not the first time hackers have abused Excel 4.0; many attackers target Excel to spread their malware across an entire system.


In a report, the security researchers mentioned that Excel 4.0 (XLM) macros are a legacy scripting language that was first introduced in 1992.

The Excel macros are quite old, but hackers are targeting them because they provide a way to reach powerful functionality such as interaction with the operating system (OS).

The experts came to know about this malware through a survey of 160,000 Excel 4.0 documents between November 2020 and March 2021. After a proper examination, they discovered that 90% of the files were determined to be harmful.

After analyzing the attack, the experts recognized that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot frequently distribute their payloads in the form of an Excel document.

These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the security researchers stressed that it is really important for the macros to be decrypted as quickly as possible.

Among all the 160,000 documents, 90% of the files were found to have used Excel 4.0 (XLM) macros. If users encounter a file that contains XLM macros, then it indicates that its macro will be harmful.
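An added example, not from the researchers' report or the original article: a Python check that lists the Excel 4.0 macro sheets declared in an OOXML workbook (.xlsx/.xlsm), one way to triage files like those described above. It assumes the OOXML container only (legacy .xls and .xlsb files need a different parser); `find_xlm_macrosheets`, `build_sample` and the sample workbook are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted samples, prefer defusedxml

MAIN = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
PKG = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OD_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MS_REL = "http://schemas.microsoft.com/office/2006/relationships"

def find_xlm_macrosheets(data: bytes) -> list:
    """List the Excel 4.0 (XLM) macro sheets declared in an OOXML workbook."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
        book = ET.fromstring(z.read("xl/workbook.xml"))
    # Relationship id -> part, for xlMacrosheet / xlIntlMacrosheet types only.
    macro_parts = {r.get("Id"): r.get("Target")
                   for r in rels.iter(PKG + "Relationship")
                   if r.get("Type", "").lower().endswith("macrosheet")}
    hits = []
    for sheet in book.iter(MAIN + "sheet"):
        part = macro_parts.get(sheet.get("{%s}id" % OD_REL))
        if part:  # sheet is backed by a macro sheet part
            hits.append({"name": sheet.get("name"), "part": part,
                         "state": sheet.get("state", "visible")})
    return hits

def build_sample() -> bytes:
    """Constructed workbook skeleton: one worksheet, one hidden macro sheet."""
    workbook = (
        f'<workbook xmlns="{MAIN[1:-1]}" xmlns:r="{OD_REL}"><sheets>'
        '<sheet name="Invoice" sheetId="1" r:id="rId1"/>'
        '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
        '</sheets></workbook>')
    rels = (
        f'<Relationships xmlns="{PKG[1:-1]}">'
        f'<Relationship Id="rId1" Type="{OD_REL}/worksheet" '
        'Target="worksheets/sheet1.xml"/>'
        f'<Relationship Id="rId2" Type="{MS_REL}/xlMacrosheet" '
        'Target="macrosheets/sheet1.xml"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for hit in find_xlm_macrosheets(build_sample()):
        print(hit)
```

A non-empty result means the workbook carries at least one XLM macro sheet; a `state` of `hidden` or `veryHidden` means that sheet is not shown in the sheet tabs.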

To learn all the essential details, the experts downloaded all the documented Excel files up to November 2020, which amount to almost 160,000, as mentioned previously.

Additionally, the experts came to understand that the malware tricks users into enabling macros with persuasive messages, and that the documents also come with embedded files containing XLM macros.

Analytical Analysis & Data.

The Excel 4.0 macros are being continuously adapted by threat actors. Recently, researchers detected that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

Quakbot Specimen.

According to the security researchers, XLM macros are a legacy Office feature, and as a result there is little chance that new documents would use them instead of more “modern” VBA macros.

That's why the hackers try to persuade their targets to enable macros so that they can quickly decrypt the content. The messages that the hackers send are quite convincing, and therefore most of the time users fall for their trap.