Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot



After analyzing the attack, the experts learned that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot often distribute their payloads in the form of an Excel file.


These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers affirmed that it is extremely important that macros get decrypted as soon as possible.

Additionally, the researchers learned that the malware tricked users into enabling macros with convincing messages, but they also come with embedded files containing XLM macros.

That's why the hackers try to persuade their targets to enable macros so that they can quickly decrypt the content. However, the messages that the hackers send are quite convincing, and so much of the time users fall into their trap.

It's not the first time hackers have abused Excel 4.0; many hackers target Excel to spread their malware across an entire system.

In a report, the cybersecurity researchers mentioned that Excel 4.0 (XLM) macros are a legacy scripting language that was first introduced in 1992.

Statistical Analysis & Data

Excel macros are quite old, but hackers are targeting them because they offer access to powerful functionality such as interaction with the operating system (OS).

However, to understand all its key details, the experts downloaded all the documented Excel files up to November 2020, which number almost 160,000, as we mentioned previously.

The experts learned about this malware through a study of 160,000 Excel 4.0 documents between November 2020 and March 2021. After a thorough investigation, they found that 90% of the document files were identified as malicious.

Among all the 160,000 documented files, 90% were found to use Excel 4.0 (XLM) macros. If users encounter a document that includes XLM macros, then it confirms that its macro will be malicious.
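One way to triage a workbook for Excel 4.0 macro sheets without opening it in Excel, as an added example that is not code from the report or the researchers. It covers only OOXML files (.xlsx/.xlsm); the function names `find_xlm_macrosheets` and `build_sample` are hypothetical, and the sample workbook is constructed with a benign formula.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
MACRO_TYPES = {"application/vnd.ms-excel.macrosheet+xml",
               "application/vnd.ms-excel.intlmacrosheet+xml"}

def _parse(raw):
    # Untrusted input: refuse parts that declare a DTD (entity-expansion guard).
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD found in workbook part")
    return ET.fromstring(raw)

def find_xlm_macrosheets(data):
    """Map each Excel 4.0 macro sheet part to the formulas stored in it."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        raise ValueError("not OOXML; a legacy .xls needs a BIFF parser instead")
    with zipfile.ZipFile(buf) as zf:
        names = set(zf.namelist())
        types = _parse(zf.read("[Content_Types].xml"))
        parts = {o.get("PartName", "").lstrip("/")
                 for o in types.iter(CT_NS + "Override")
                 if o.get("ContentType") in MACRO_TYPES}
        # Also catch the conventional folder if the content types omit a part.
        parts |= {n for n in names
                  if n.startswith("xl/macrosheets/") and n.endswith(".xml")}
        return {p: [f.text or "" for f in _parse(zf.read(p)).iter()
                    if f.tag.endswith("}f")]
                for p in sorted(parts & names)}

def build_sample(with_macro):
    """Constructed workbook skeleton with a benign formula; not a real sample."""
    override = ('<Override PartName="/xl/macrosheets/sheet1.xml" '
                'ContentType="application/vnd.ms-excel.macrosheet+xml"/>')
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/'
             'content-types">' + (override if with_macro else "") + "</Types>")
    sheet = ('<xm:macrosheet xmlns:xm="http://schemas.microsoft.com/office/excel/'
             '2006/main" xmlns="http://schemas.openxmlformats.org/spreadsheetml/'
             '2006/main"><sheetData><row r="1"><c r="A1"><f>HALT()</f></c></row>'
             '</sheetData></xm:macrosheet>')
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        if with_macro:
            zf.writestr("xl/macrosheets/sheet1.xml", sheet)
    return out.getvalue()
```

A non-empty result means the file carries XLM macro sheets and should go to a sandbox or analyst rather than to a user's desktop; the extracted formulas give a first look at what the macro does.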

Quakbot Specimen

Excel 4.0 macros are being constantly adapted by threat actors. Just recently, experts found that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

According to the cybersecurity researchers, XLM macros are a legacy Office option, and as a result, there is little chance that new files would use them instead of more "modern" VBA macros.