Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


To understand all its essential information, the specialists have actually downloaded all the documented files of Excel up to November 2020, that consist of almost 160,000, as we told previously.

The professionals came to know that the malware tricked the users into enabling macros with convincing messages, but they have likewise come with embedded files including XLM macros.

The experts came to know about this malware through a study of 160,000 Excel 4.0 files between November 2020 and March 2021. After an appropriate investigation, they discovered that 90% of the file files were determined as destructive..

The Excel macros are quite old, but hackers are targetting them since it supplies paths to gain access to all the effective functionalities like interaction with the operating system (OS).

Among all the 160,000 recorded files, the users discovered that 90% of the files have actually utilized Excel 4.0 (XLM) macros. If users come across a file that usually includes XLM macros, then it confirms that its macro will be destructive.

Quakbot Specimen.

In a report, the cybersecurity scientists stated that Excel4 (XLM) macros are a tradition scripting language that was first launched in 1992..

Statistical Analysis & & Data.

Thats why the hackers try to persuade their targets to enable macros so that they can easily decrypt the content. The messages that the hackers send out are quite persuading, and for that reason many of the time, users fall for their trap.

These XLM macros download and execute a destructive second-stage payload retrieved from a remote server. Thats why the cybersecurity scientists verified that it is extremely important that Macros should get decrypted as soon as possible.

According to the cybersecurity scientists, XLM macros are a legacy Office alternative, and subsequently, it provides a little possibility that the new files would utilize them rather of more “modern” VBA macros.

The Excel 4.0 macros are being constantly adjusted by the risk actors. recently professionals have actually identified that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.


After examining the malicious attack, the professionals familiarized that they are dealing with the Quakbot household. Security researchers have actually described even more that the hackers behind Quakbot frequently disperse all their payloads in the form of an Excel document.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Its not the first time hackers are abusing Excel 4.0; most of the hackers attack Excel to spread their malware in the entire system.