Excel 4.0 macros, or XLM macros, were first added to Excel in 1992 and allowed users to enter various commands into cells that were then executed to perform a task.
While VBA macros were introduced in Excel 5.0, threat carriers continue to use XLM macros twenty years later to create malicious downloadable documents malware or perform other unwanted behavior.
Malicious campaigns that use Excel 4.0 XLM macros include malware such as TrickBot, Qbot, Dridex, Zloader And much more.
Because of their ongoing misuse, Microsoft has been advising users to change and disable Excel 4.0 XLM macros for years in favor of VBA macros. This recommendation is because VBA macros support it Antimalware Scanning Interface (AMSI), which can be used by security software to scan macros for malicious behavior.