Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


In a report, the cybersecurity researchers stated that Excel 4.0 (XLM) macros are a legacy scripting language that was first launched in 1992.


Excel 4.0 macros are constantly being adapted by threat actors. Recently, researchers identified that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

Quakbot Specimen.


The researchers found that the malware tricked users into enabling macros with convincing messages, but the documents also came with embedded files containing XLM macros.

Analytical Analysis & Data

Among the 160,000 recorded files, 90% were found to use Excel 4.0 (XLM) macros. But if users encounter a file that contains XLM macros, that is taken to confirm that its macro will be malicious.

After examining the malicious attack, the researchers found that they were dealing with the Quakbot family. They further explained that the hackers behind Quakbot typically distribute all their payloads in the form of an Excel file.

However, these XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers affirmed that it is crucial for the macros to be decrypted as quickly as possible.

According to the cybersecurity researchers, XLM macros are a legacy Office option, and as a result there is little chance that new documents would use them instead of the more "modern" VBA macros.

To learn all the essential details, the researchers downloaded all the documented Excel files up to November 2020, which total nearly 160,000, as we noted earlier.

Excel macros are rather old, but hackers are targeting them because they offer ways to access powerful functionality such as interaction with the operating system (OS).

The analysts learned about this malware through a survey of 160,000 Excel 4.0 documents between November 2020 and March 2021. After a thorough examination, they found that 90% of the files were identified as harmful.

That's why the hackers try to persuade their targets to enable macros so that they can easily decrypt the content. The messages that the hackers send are quite convincing, and therefore, most of the time, users fall for their trap.

It's not the first time hackers have abused Excel 4.0; most hackers attack Excel to spread their malware across the entire system.