Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


Moreover, the researchers learned that the malware tricks users into enabling macros with persuasive messages; the documents also come with embedded files containing XLM macros.

To gather the key details, the researchers downloaded all the recorded Excel files up to November 2020, almost 160,000 in total, as we reported previously.


After analyzing the malicious attack, the researchers concluded that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot often distribute their payloads in the form of an Excel document.

In a report, the cybersecurity researchers stated that Excel 4.0 (XLM) macros are a legacy scripting language that was first introduced in 1992.

Among all the 160,000 documented files, the users discovered that 90% of the files used Excel 4.0 (XLM) macros. If users come across a document that includes XLM macros, it confirms that its macro will be harmful.

Excel 4.0 macros are being constantly adapted by threat actors. Recently, researchers have detected that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.


That's why the hackers try to convince their targets to enable macros so that they can easily decrypt the content. The messages that the hackers send are quite persuasive, and as a result users fall for the trap most of the time.

It's not the first time hackers have abused Excel 4.0; many hackers attack Excel to spread their malware across the entire system.

Quakbot Specimen

Excel macros are quite old, but hackers are targeting them because they provide access to powerful functionality such as interaction with the operating system (OS).

These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers confirmed that it is extremely important that macros get decrypted as soon as possible.
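A defender-side triage check, added here as an example and not taken from the report: it lists Excel 4.0 macro sheets in an OOXML workbook (.xlsm) and flags formulas that call the OS-facing XLM functions EXEC, CALL or REGISTER. It assumes the OOXML container only (legacy .xls files need a different parser); `scan_xlm`, `build_sample` and the sample workbook are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CT = "{http://schemas.openxmlformats.org/package/2006/content-types}"
SS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
MACROSHEET_TYPE = "application/vnd.ms-excel.macrosheet+xml"
# XLM functions that reach outside the workbook (process launch, DLL calls).
OS_FUNCS = re.compile(r"\b(EXEC|CALL|REGISTER)\s*\(", re.IGNORECASE)


def scan_xlm(data: bytes) -> dict:
    """List macro-sheet parts and OS-facing formulas in an OOXML workbook."""
    report = {"macrosheets": [], "os_formulas": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # The package manifest declares the content type of every part.
        types = ET.fromstring(zf.read("[Content_Types].xml"))
        for ov in types.iter(CT + "Override"):
            if ov.get("ContentType") == MACROSHEET_TYPE:
                report["macrosheets"].append(ov.get("PartName").lstrip("/"))
        for part in report["macrosheets"]:
            for cell in ET.fromstring(zf.read(part)).iter(SS + "c"):
                f = cell.find(SS + "f")
                if f is not None and f.text and OS_FUNCS.search(f.text):
                    report["os_formulas"].append((part, cell.get("r"), f.text))
    return report


def build_sample() -> bytes:
    """Constructed sample: one macro sheet holding a placeholder EXEC call."""
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/'
             'content-types"><Override PartName="/xl/macrosheets/sheet1.xml" '
             'ContentType="application/vnd.ms-excel.macrosheet+xml"/></Types>')
    sheet = ('<xm:macrosheet xmlns="http://schemas.openxmlformats.org/'
             'spreadsheetml/2006/main" xmlns:xm="http://schemas.microsoft.com/'
             'office/excel/2006/main"><sheetData>'
             '<row r="1"><c r="A1"><f>EXEC("placeholder.exe")</f></c></row>'
             '<row r="2"><c r="A2"><f>HALT()</f></c></row>'
             '</sheetData></xm:macrosheet>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("xl/macrosheets/sheet1.xml", sheet)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_xlm(build_sample()))
```

A workbook that reports any macro sheet is worth routing to sandboxed analysis even when no OS-facing formula is flagged, since formulas can be assembled at run time.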

Statistical Analysis & Data

The experts learned about this malware through a study of 160,000 Excel 4.0 documents between November 2020 and March 2021. After a thorough examination, they found that 90% of the document files were identified as malicious.

According to the cybersecurity researchers, XLM macros are a legacy Office feature, and as a result, there is little chance that new files would use them instead of more “modern” VBA macros.