After analyzing the malicious campaign, the researchers concluded that they were dealing with the Quakbot family. They further explained that the attackers behind Quakbot typically distribute their payloads in the form of an Excel file.
That's why the attackers try to persuade their targets to enable macros so that the content can be decrypted. The messages they send are quite convincing, and for that reason users fall for the trap most of the time.
However, to learn all its key details, the specialists downloaded all the recorded Excel files up to November 2020, which number nearly 160,000, as we reported earlier.
The analysts learned about this malware through a survey of 160,000 Excel 4.0 files between November 2020 and March 2021. After an investigation, they found that 90% of the documents were classified as malicious.
It's not the first time hackers have abused Excel 4.0; many attackers target Excel to spread their malware across an entire system.
Among the 160,000 recorded files, 90% were found to use Excel 4.0 (XLM) macros. If users encounter a document that contains XLM macros, it indicates that the macro will be harmful.
Excel 4.0 macros are being continually adapted by the threat actors. Just recently, specialists identified that hackers are abusing Excel 4.0 macros to spread the ZLoader and Quakbot malware.
In a report, the cybersecurity researchers noted that Excel4 (XLM) macros are a legacy scripting language that was first introduced in 1992.
Analytical Analysis & Data
Moreover, the experts found that the malware tricked users into enabling macros with persuasive messages, and the documents also came with embedded files containing XLM macros.
Excel macros are quite old, but hackers target them because they offer ways to access powerful functionality, such as interaction with the operating system (OS).
These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers confirmed that it is very important that macros get decrypted as quickly as possible.
According to the cybersecurity researchers, XLM macros are a legacy Office feature, and as a result there is little chance that new documents would use them instead of more “modern” VBA macros.
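
Since the presence of XLM macros is itself treated above as a sign of a harmful document, a mail or file gateway can triage workbooks for macro sheets before anyone opens them. The sketch below is an added example, not code from the report or its researchers: it lists Excel 4.0 macro sheets in an OOXML workbook (.xlsm), their visibility, and whether an Auto_Open name is defined. The function names and the sample workbook are constructed for illustration, and legacy binary .xls files are not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAIN = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
DOCREL = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
PKGREL = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def triage_xlm(data: bytes) -> dict:
    """Report Excel 4.0 (XLM) macro sheets in an OOXML workbook (.xlsm)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
        wb = ET.fromstring(z.read("xl/workbook.xml"))
    # Map relationship id -> target part, e.g. rId2 -> macrosheets/sheet1.xml
    targets = {r.get("Id"): r.get("Target", "") for r in rels.iter(PKGREL + "Relationship")}
    sheets = []
    for s in wb.iter(MAIN + "sheet"):
        part = targets.get(s.get(DOCREL + "id"), "")
        if "macrosheets/" in part.lower():
            # "state" is absent on visible sheets; hidden/veryHidden keeps the macro out of view
            sheets.append({"name": s.get("name"), "part": part,
                           "state": s.get("state", "visible")})
    # A defined name containing Auto_Open makes Excel run the macro when the file opens
    auto_open = any("auto_open" in (d.get("name") or "").lower()
                    for d in wb.iter(MAIN + "definedName"))
    return {"macro_sheets": sheets, "auto_open": auto_open, "suspicious": bool(sheets)}

def build_sample() -> bytes:
    """Constructed, inert sample: one worksheet plus one very-hidden macro sheet.
    Relationship Type values are shortened; real files use full URIs."""
    workbook = (
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<sheets><sheet name="Invoice" sheetId="1" r:id="rId1"/>'
        '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/></sheets>'
        '<definedNames><definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>'
        '</definedNames></workbook>')
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="worksheet" Target="worksheets/sheet1.xml"/>'
        '<Relationship Id="rId2" Type="xlMacrosheet" Target="macrosheets/sheet1.xml"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_xlm(build_sample()))
```

Run this only in an analysis environment, since it parses untrusted archive and XML content.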