Excel 4.0 XLM macros have existed for more than three decades, but they have only recently gained popularity among attackers. Although microsoft has long recommended VBA macros instead of XLM, many organizations still use the latter to perform critical functions like automating repetitive tasks and loading business data into Excel. Now they have to take Microsoft’s advice seriously as adversaries are finding new ways to weaponize Excel 4.0 macros for delivering additional, more sophisticated malware.
What are Excel 4.0 XLM macros?
When Microsoft programmers released Excel 4.0 for Windows 3.0 and 3.1 in 1992, they seeded XLM macros in this Excel version. Through macro worksheets, XML macros allow users to automate functions in Excel 4.0. They are also easy to create: you just need to click “Sheet1” at the bottom of your Excel screen, select “Insert,” choose “MS Excel 4.0 Macro” from the objects list and click “OK.” Taking these steps opens up a special worksheet where you can write your XLM macros.
XLM macros are quite powerful. Although some are as simple as =ALERT(“Hello World”), which displays a dialog box with the Hello World message, others can be configured to allow access to WinAPI, file system and more.