Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


That's why the hackers try to convince their targets to enable macros so that they can quickly decrypt the content. The messages the hackers send are quite convincing, so most of the time users fall for the trap.

The experts learned about this malware through a study of 160,000 Excel 4.0 documents between November 2020 and March 2021. After examining them, they found that 90% of the document files were identified as harmful.

According to the security researchers, XLM macros are a legacy Office option, so there is only a small chance that new files would use them rather than the more "modern" VBA macros.

Quakbot Sample

Statistical Analysis & Data

These Excel macros are quite old, but hackers target them because they offer ways to access powerful functionality such as interaction with the operating system (OS).

To learn the key details, the experts downloaded all the Excel document files up to November 2020, nearly 160,000 in total, as noted earlier.


After analyzing the malicious attack, the specialists learned that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot often distribute their payloads in the form of an Excel file.

It's not the first time hackers have abused Excel 4.0; most of the hackers attack Excel to spread their malware through the entire system.

Among all 160,000 document files, the users discovered that 90% of the files used Excel 4.0 (XLM) macros. If users come across a document that contains XLM macros, it confirms that its macro will be malicious.

The experts found that the malware tricked users into enabling macros with convincing messages, but they also came with embedded files containing XLM macros.


Excel 4.0 macros are being continually adapted by threat actors. Recently, experts identified that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the security researchers confirmed that it is essential for the macros to be decrypted as quickly as possible.

In a report, the security researchers stated that Excel4 (XLM) macros are a legacy scripting language that was first released in 1992.