Hackers Abuse Excel 4.0 Macros to Deliver Malware such as ZLoader & Quakbot


According to the security researchers, XLM macros are a legacy Office feature, and consequently there is only a small chance that new files would use them instead of the more “modern” VBA macros.

The experts found that the malware tricked users into enabling macros with convincing messages, and that the documents also came with embedded files containing XLM macros.

These XLM macros download and execute a malicious second-stage payload retrieved from a remote server. That's why the security researchers confirmed that it is extremely important that the macros get decrypted as soon as possible.

That's why the hackers try to persuade their targets to enable macros, so that they can easily decrypt the content. The messages the hackers send are quite persuasive, and for that reason users often fall for the trap.

Quakbot Specimen.

It's not the first time hackers have abused Excel 4.0; most hackers attack Excel to spread their malware across the entire system.

Analytical Analysis & Data.

Among the 160,000 documented files, the users discovered that 90% of the files used Excel 4.0 (XLM) macros. If users encounter a file that contains XLM macros, it confirms that its macro will be malicious.

The analysts learned about this malware through a study of 160,000 Excel 4.0 documents between November 2020 and March 2021. After a proper investigation, they found that 90% of the files were identified as malicious.


After analyzing the malicious attack, the experts came to understand that they were dealing with the Quakbot family. Security researchers further explained that the hackers behind Quakbot typically distribute all their payloads in the form of an Excel document.

The Excel 4.0 macros are being continuously adapted by the threat actors. Recently, experts detected that hackers are abusing Excel 4.0 macros to spread ZLoader and Quakbot malware.

In a report, the cybersecurity researchers stated that Excel4 (XLM) macros are a legacy scripting language that was first introduced in 1992.

To understand all the essential details, the experts downloaded all the recorded Excel files up to November 2020, which number almost 160,000, as mentioned earlier.

Excel macros are quite old, but hackers are targeting them because they offer ways to access powerful functionality such as interaction with the operating system (OS).
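As a triage check for the XLM macros described above, this added Python example (not from the report or the original article) flags Excel 4.0 macro sheets in an OOXML workbook. It covers only ZIP-based files such as .xlsm, so legacy binary .xls files need an OLE/BIFF parser instead. The function names, the hidden-sheet and Auto_Open checks, and the constructed sample workbook are assumptions of this example.

```python
import io
import re
import zipfile

MACROSHEET_CT = "application/vnd.ms-excel.macrosheet+xml"

def xlm_indicators(data: bytes) -> dict:
    """Report Excel 4.0 (XLM) macro indicators in an OOXML workbook."""
    found = {"macrosheet_parts": [], "macrosheet_content_type": False,
             "auto_open_name": False, "hidden_sheets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # XLM macro sheets are stored as their own parts under xl/macrosheets/.
        found["macrosheet_parts"] = sorted(
            n for n in names if n.lower().startswith("xl/macrosheets/"))
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            found["macrosheet_content_type"] = MACROSHEET_CT in types
        if "xl/workbook.xml" in names:
            wb = zf.read("xl/workbook.xml").decode("utf-8", "replace")
            # An Auto_Open defined name runs the macro when the file is opened.
            found["auto_open_name"] = bool(re.search(
                r'<(?:\w+:)?definedName\b[^>]*\bname="[^"]*auto_open', wb, re.I))
            for tag in re.findall(r"<(?:\w+:)?sheet\b[^>]*>", wb):
                state = re.search(r'\bstate="(hidden|veryHidden)"', tag)
                name = re.search(r'\bname="([^"]*)"', tag)
                if state and name:
                    found["hidden_sheets"].append((name.group(1), state.group(1)))
    return found

def needs_review(found: dict) -> bool:
    """True when the workbook carries at least one XLM macro sheet."""
    return bool(found["macrosheet_parts"] or found["macrosheet_content_type"])

def build_sample(with_xlm: bool) -> bytes:
    """Constructed, minimal stand-in for a workbook; not a real sample."""
    sheets = '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
    names, types = "", "<Types/>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_xlm:
            sheets += '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
            names = ('<definedNames><definedName name="_xlnm.Auto_Open">'
                     'Macro1!$A$1</definedName></definedNames>')
            types = ('<Types><Override PartName="/xl/macrosheets/sheet1.xml" '
                     f'ContentType="{MACROSHEET_CT}"/></Types>')
            zf.writestr("xl/macrosheets/sheet1.xml", "<xm:macrosheet/>")
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("xl/workbook.xml", f"<workbook><sheets>{sheets}</sheets>{names}</workbook>")
    return buf.getvalue()
```

A macro sheet alone is a reason to route the file for analysis. A hidden macro sheet together with an Auto_Open name raises the priority further.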