Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


The experts found that the malware tricks users into enabling macros with persuasive messages, and that the documents also come with embedded files containing XLM macros.

Excel macros are rather old, but hackers target them because they provide a path to powerful functionality such as interaction with the operating system (OS).

The experts learned about this malware through a survey of 160,000 Excel 4.0 documents between November 2020 and March 2021. After investigating, they discovered that 90% of the document files were recognized as malicious.

These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the cybersecurity researchers confirmed that it is really important for macros to be decrypted as soon as possible.

According to the cybersecurity researchers, XLM macros are a legacy Office option, so there is only a small chance that new files would use them instead of more "contemporary" VBA macros.

It's not the first time hackers have abused Excel 4.0; many hackers attack Excel to spread their malware across the whole system.

In a report, the cybersecurity researchers mentioned that Excel4 (XLM) macros are a legacy scripting language that was first released in 1992.

Nevertheless, to understand all the crucial information, the specialists downloaded all the recorded Excel files from approximately November 2020, which amount to nearly 160,000, as mentioned earlier.

After analyzing the malicious attack, the researchers determined that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot often distribute their payloads in the form of an Excel document.

Statistical Analysis & Data


That's why the hackers try to convince their targets to enable macros so that they can quickly decrypt the content. The messages the hackers send are quite convincing, and so many times users fall for their trap.

Quakbot Specimen

Excel 4.0 macros are being constantly adapted by threat actors. Recently, experts have spotted hackers abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

Among all the 160,000 documented files, 90% were found to use Excel 4.0 (XLM) macros. However, if users encounter a document that includes XLM macros, then that confirms its macro will be malicious.
