Xworm V31 Updated Patched

Captures both online and offline keystrokes, including credentials and sensitive data.

Capable of gathering private files, hijacking Telegram and MetaMask accounts, and stealing browser credentials.

System Monitoring

Uses obfuscated scripts to download a .NET-based loader.

represents a significant evolution in RAT technology, combining data theft, surveillance, and ransomware in a single package. As the malware continues to receive updates, cybersecurity teams must stay vigilant by monitoring for the specific IoCs (Indicators of Compromise) associated with this strain, such as unusual network traffic and fileless execution techniques.

Integrated anti-debugging and anti-VM checks to detect researcher sandboxes. It also uses Windows Management Instrumentation (WMI) to identify installed antivirus software and remain unnoticed.

New delivery methods to bypass secure email gateways.

Key Updated Features and Capabilities of XWorm v3.1

Legitimate system processes (installutil.exe, RegAsm.exe) initiating outbound internet connections or spawning PowerShell instances.

Defensive and Mitigation Strategies

Version 3.1 is known for its "effective simplicity" and broad feature set:

XWorm is highly modular, meaning attackers can "plug in" new features depending on their goals.

XWorm can disable security features like User Account Control (UAC) and Windows Firewall, and even grant itself "critical system process" status to crash the OS if someone tries to terminate it.

While version numbers can vary in reports (V6, V6.4), the latest "v31" iteration embodies the culmination of this evolution, featuring a potent mix of stealth, resilience, and destructive capability.

If your organization does not require USB drives, disable them via Group Policy. If required, deploy an preventing the execution of LNK files from E:\ (Removable drives).