Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


Statistical Analysis & & Data.

Quakbot Specimen.

According to the cybersecurity scientists, XLM macros are a legacy Office choice, and consequently, it offers a little chance that the new files would utilize them instead of more “modern-day” VBA macros.

The Excel 4.0 macros are being continuously adapted by the risk actors. just recently specialists have actually found that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

Among all the 160,000 documented files, the users discovered that 90% of the files have actually used Excel 4.0 (XLM) macros. However, if users come across a document that generally consists of XLM macros, then it verifies that its macro will be malicious.

In a report, the cybersecurity researchers specified that Excel4 (XLM) macros are a tradition scripting language that was first launched in 1992..

Nevertheless, these XLM macros download and execute a harmful second-stage payload obtained from a remote server. Thats why the cybersecurity scientists affirmed that it is very important that Macros should get decrypted as soon as possible.


After examining the malicious attack, the professionals familiarized that they are dealing with the Quakbot family. Security scientists have described further that the hackers behind Quakbot frequently disperse all their payloads in the kind of an Excel file.

Thats why the hackers try to persuade their targets to enable macros so that they can easily decrypt the material. However, the messages that the hackers send out are rather convincing, and therefore most of the time, users succumb to their trap.

The professionals came to know that the malware deceived the users into permitting macros with convincing messages, however they have actually also come with ingrained files including XLM macros.

To understand all its essential information, the professionals have downloaded all the documented files of Excel up to November 2020, that consist of almost 160,000, as we informed previously.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Its not the very first time hackers are abusing Excel 4.0; many of the hackers attack Excel to spread their malware in the entire system.

The Excel macros are quite old, but hackers are targetting them since it supplies courses to gain access to all the powerful functionalities like interaction with the operating system (OS).

The analysts came to understand about this malware through a study of 160,000 Excel 4.0 documents between November 2020 and March 2021. After a proper examination, they discovered that 90% of the document files were determined as destructive..