Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


Of the 160,000 documented files, 90% were found to use Excel 4.0 (XLM) macros. If a user comes across a file that contains XLM macros, that confirms its macro will be malicious.

This is not the first time hackers have abused Excel 4.0; the majority of hackers target Excel to spread their malware across the entire system.

In a report, the security researchers stated that Excel 4.0 (XLM) macros are a legacy scripting language that was first released in 1992.


These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the security researchers affirmed that it is crucial for the macros to be decrypted as soon as possible.

Statistical Analysis & Data

Furthermore, the experts noted that the malware tricked users into enabling macros with persuasive messages, but the hackers have also included embedded files containing XLM macros.

According to the security researchers, XLM macros are a legacy Office option, and consequently there is little chance that new files would use them instead of the more "modern" VBA macros.

Excel 4.0 macros are constantly being adapted by threat actors. Recently, specialists found that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.


To understand all the key details, the specialists downloaded all the recorded Excel files up to November 2020, which number nearly 160,000, as noted earlier.

Quakbot Specimen

After analyzing the malicious attack, the specialists determined that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot frequently distribute all their payloads in the form of an Excel document.

These Excel macros are rather old, but hackers target them because they provide access to powerful functionality such as interaction with the operating system (OS).

That's why the hackers try to convince their targets to enable macros so that they can easily decrypt the content. The messages the hackers send are quite persuasive, and so users fall for the trap most of the time.

The experts learned about this malware through a survey of 160,000 Excel 4.0 files between November 2020 and March 2021. After a thorough investigation, they found that 90% of the files were identified as malicious.
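
An added illustration, not taken from the report or the original article: a triage check that flags workbooks declaring XLM macro sheets, the signal the article treats as a strong indicator of a malicious file. It covers only the OOXML (.xlsx/.xlsm) container, and the function names and the sample workbook are constructed for this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted samples, defusedxml offers a drop-in

MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
DOCREL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKGREL = "http://schemas.openxmlformats.org/package/2006/relationships"
XLM_REL = "http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"


def find_xlm_macrosheets(data: bytes) -> list:
    """List the Excel 4.0 (XLM) macro sheets declared in an OOXML workbook."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            book = ET.fromstring(zf.read("xl/workbook.xml"))
            rels = ET.fromstring(zf.read("xl/_rels/workbook.xml.rels"))
    except (zipfile.BadZipFile, KeyError) as exc:
        # Legacy .xls (BIFF) and .xlsb are not covered by this check.
        raise ValueError("not an OOXML .xlsx/.xlsm workbook") from exc
    # Relationship id -> (type, target); macro sheets carry their own type.
    by_id = {r.get("Id"): (r.get("Type", ""), r.get("Target", ""))
             for r in rels.iter("{%s}Relationship" % PKGREL)}
    hits = []
    for sheet in book.iter("{%s}sheet" % MAIN):
        rel_type, part = by_id.get(sheet.get("{%s}id" % DOCREL), ("", ""))
        if rel_type.lower().endswith("macrosheet") or "macrosheets/" in part:
            hits.append({"name": sheet.get("name"), "part": part})
    return hits


def build_sample(with_macrosheet: bool) -> bytes:
    """Constructed workbook skeleton (no cell content), used only as input."""
    sheets = [("Sheet1", "rId1", DOCREL + "/worksheet", "worksheets/sheet1.xml")]
    if with_macrosheet:
        sheets.append(("Macro1", "rId2", XLM_REL, "macrosheets/sheet1.xml"))
    book = '<workbook xmlns="%s" xmlns:r="%s"><sheets>%s</sheets></workbook>' % (
        MAIN, DOCREL, "".join('<sheet name="%s" sheetId="%d" r:id="%s"/>'
                              % (n, i, rid) for i, (n, rid, _, _) in enumerate(sheets, 1)))
    rels = '<Relationships xmlns="%s">%s</Relationships>' % (
        PKGREL, "".join('<Relationship Id="%s" Type="%s" Target="%s"/>' % s[1:]
                        for s in sheets))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", book)
        zf.writestr("xl/_rels/workbook.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_xlm_macrosheets(build_sample(True)))
```

A non-empty result means the workbook declares at least one XLM macro sheet and should be routed to deeper analysis before anyone opens it with macros enabled.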