XWorm is a RAT (Remote Access Trojan), a malware-as-a-service. It was first discovered in July 2022 and is known to have originated from the ex-USSR.
The malware is capable of multiple things, such as stealing sensitive data and cryptocurrency, launching DDoS attacks, and ransomware deployment.
This malware has gone through several updates ever since its emergence in 2022, and the latest version is known to be 5.0 version as of August 2023.
Several threat actors are using it for multi-stage attacks on victims. XWorm is developed in the .NET framework and can be customized with various tools.
For the initial phase of the attack, threat actors send a phishing email containing a malicious Word document that loads a .rtf file when opened.
This file contains an Excel sheet with macros enabled for executing a PowerShell script that downloads the XWorm malware to the victim’s system.
XWorm has several capabilities, which include encrypted communication with the C2 server, Information gathering, Account Hijacking, User activity tracking, access to the clipboard, file management, etc.,
To bypass the UAC control in Windows systems, the malware attempts to escalate its privileges to that of an administrator, which will allow the malware to make changes without the victim’s consent.
For persistence on the infected systems, the malware adds itself to the startup list of programs that run when the computer starts.
Additionally, the malware is also capable of terminating its execution if the malware is installed inside a sandbox environment.
Furthermore, a complete report about this malware has been published by ANY RUN and provides detailed information on the execution process, code analysis, and other information.
swezy.ddns[.]net
0.tcp.ap[.]ngrok.io
atelilian99.ddns[.]net
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…