{"id":1727,"date":"2021-04-29T15:23:30","date_gmt":"2021-04-29T09:53:30","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1727"},"modified":"2021-06-07T11:20:29","modified_gmt":"2021-06-07T05:50:29","slug":"hackers-are-infecting-excel-4-0-while-transmitting-the-malware","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/","title":{"rendered":"Hackers are Infecting Excel 4.0 while Transmitting the Malware!"},"content":{"rendered":"\n<p><p style=\"text-align: justify\">The attackers are rapidly using Excel 4.0 while initiating the stage vector and mitigate the malware that deals with Quakbot and Zloader. According to the research, these things are identified after the analysis of 160,000 Excel 4.0 documents in between the period of November 2020 to March 2021. In the analysis, more than 90% are classified and found as malicious or dangerous.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">According to the experts, the biggest risk for infected organizations and users is that they will face multiple problems while detecting the unauthorized Excel 4.0 document, most of the documents are signed or verified.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"728\" height=\"234\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infecting-excel-4.0-image1.png\" alt=\"Hackers are Infecting Excel 4.0 while Transmitting the Malware!\" class=\"wp-image-1728\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infecting-excel-4.0-image1.png 728w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infecting-excel-4.0-image1-300x96.png 300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">However, the Excel 4.0 macros stores the data in .xlm file format which is the precursor of Visual Basic and it had a legitimate capability that is incorporated in MS Excel for backward compatibility issues. The organization also warns the users that enabling the macros will very dangerous while executing.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">Meanwhile, the evolving malware Quakbot was founded in 2007, having the capability of a banking trojan while used to steals the banking data and other financial information and also having the worm-like propagation features. This malware was transmitted using the Office documents and the other version of this malware is also capable to deliver the payloads, store log user keystrokes, or create a backdoor that compromised the devices.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"728\" height=\"517\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infecting-excel-4.0-image2.jpg\" alt=\"Hackers are Infecting Excel 4.0 while Transmitting the Malware!\" class=\"wp-image-1729\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infecting-excel-4.0-image2.jpg 728w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infecting-excel-4.0-image2-300x213.jpg 300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">Whereas, in the investigation, the experts analyzed that the malware is not tricked by enabling the macros. It is also tricked by embedded files that hold the XLM macros which are further installed and executed the second stage payload that was controlled from the remote server. Another sample that deals with Base64-encoded payload in one excel sheets, which also tries to download the other files from the malicious URL.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Summering Up<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">The researcher also added that this backward capability is very important for the applications and from a security perspective it is the best way if these are decrypted at some point at a time. Although those who are holding 30 years of old macros should be weighed against the security risk that is very old and outdated.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The attackers are rapidly using Excel 4.0 while initiating the stage vector and mitigate the malware that deals with Quakbot and Zloader. According to the research, these things are identified after the analysis of 160,000 Excel 4.0 documents in between the period of November 2020 to March 2021. In the analysis, more than 90% are [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1731,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hackers are Infecting Excel 4.0 while Transmitting the Malware! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers are Infecting Excel 4.0 while Transmitting the Malware! - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The attackers are rapidly using Excel 4.0 while initiating the stage vector and mitigate the malware that deals with Quakbot and Zloader. According to the research, these things are identified after the analysis of 160,000 Excel 4.0 documents in between the period of November 2020 to March 2021. In the analysis, more than 90% are [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-29T09:53:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:50:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infect-excel-4.0-featured-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Hackers are Infecting Excel 4.0 while Transmitting the Malware!\",\"datePublished\":\"2021-04-29T09:53:30+00:00\",\"dateModified\":\"2021-06-07T05:50:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/\"},\"wordCount\":341,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/\",\"url\":\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/\",\"name\":\"Hackers are Infecting Excel 4.0 while Transmitting the Malware! - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-04-29T09:53:30+00:00\",\"dateModified\":\"2021-06-07T05:50:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers are Infecting Excel 4.0 while Transmitting the Malware!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers are Infecting Excel 4.0 while Transmitting the Malware! - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/","og_locale":"en_US","og_type":"article","og_title":"Hackers are Infecting Excel 4.0 while Transmitting the Malware! - Xiarch Solutions Private Limited","og_description":"The attackers are rapidly using Excel 4.0 while initiating the stage vector and mitigate the malware that deals with Quakbot and Zloader. According to the research, these things are identified after the analysis of 160,000 Excel 4.0 documents in between the period of November 2020 to March 2021. In the analysis, more than 90% are [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-04-29T09:53:30+00:00","article_modified_time":"2021-06-07T05:50:29+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/04\/hackers-infect-excel-4.0-featured-image.png","type":"image\/png"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Hackers are Infecting Excel 4.0 while Transmitting the Malware!","datePublished":"2021-04-29T09:53:30+00:00","dateModified":"2021-06-07T05:50:29+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/"},"wordCount":341,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/","url":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/","name":"Hackers are Infecting Excel 4.0 while Transmitting the Malware! - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-04-29T09:53:30+00:00","dateModified":"2021-06-07T05:50:29+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/hackers-are-infecting-excel-4-0-while-transmitting-the-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Hackers are Infecting Excel 4.0 while Transmitting the Malware!"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1727"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1727"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1727\/revisions"}],"predecessor-version":[{"id":1732,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1727\/revisions\/1732"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1731"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}