Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


These Excel macros are rather old, but hackers target them because they provide access to powerful functionality, such as interaction with the operating system (OS).


That's why the hackers attempt to convince their targets to enable macros so that they can easily decrypt the content. The messages that the hackers send are rather persuasive, and for that reason users fall for the trap most of the time.

Quakbot Sample

According to the cybersecurity researchers, XLM macros are a legacy Office option, so there is only a small chance that new documents would use them instead of the more "modern" VBA macros.

Among all the 160,000 recorded files, the users discovered that 90% of the files used Excel 4.0 (XLM) macros. If users encounter a file that contains XLM macros, then it confirms that its macro will be harmful.

These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers affirmed that it is really important that macros get decrypted as soon as possible.


Moreover, the experts found that the malware tricked users into enabling macros with convincing messages, and that it also featured embedded files containing XLM macros.

The experts learned about this malware through a survey of 160,000 Excel 4.0 files between November 2020 and March 2021. After proper examination, they discovered that 90% of the files were identified as malicious.

Excel 4.0 macros are being continuously adapted by threat actors. Recently, experts detected that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

In a report, the cybersecurity researchers stated that Excel4 (XLM) macros are a legacy scripting language that was first released in 1992.

To understand all the essential details, the specialists downloaded all the recorded Excel files up to November 2020, which number almost 160,000, as noted earlier.

Statistical Analysis & Data

After analyzing the malicious attack, the experts learned that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot typically distribute all their payloads in the form of an Excel file.

It's not the first time hackers have abused Excel 4.0; the majority of hackers attack Excel to spread their malware throughout the whole system.