
- XWorm resurfaces with versions 6.0–6.5, now maintained by alias XCoderTools
- Malware includes RAT, ransomware, data theft, DoS, and over 35 modular plugins
- Trellix reports rising VirusTotal samples; phishing remains key propagation method
XWorm, the infamous backdoor malware used to wreak havoc several years ago, has apparently returned after a year-long sabbatical.
Security researchers found three new versions, 6.0, 6.4, and 6.5, which have surfaced on the dark web, with multiple threat actors already using them in their campaigns.
XWorm was built and maintained by a threat actor named XCoder, back in 2022. They used to share details and updates on Telegram, before going dark. The last version of the malware[1] was XWorm 5.6, which apparently was vulnerable to remote code execution.
Numerous capabilities
It is not known if the original developer is back, or if the tool was picked up by a separate threat actor. In any case, the alias maintaining it now is XCoderTools.
The malware itself now comes with numerous new capabilities, as well as a modular design.
Its primary function, acting as a remote access trojan (RAT), remains. It also comes with a ransomware module and the ability to steal sensitive information from compromised devices, monitor the clipboard, log keystrokes, and capture screens.
It can execute arbitrary commands on the infected system, manage files, pull OS details, and launch denial-of-service (DoS) attacks.
In total, more than 35 plugins enable tailored functionality, depending on the target, making XWorm a highly versatile and dangerous malware.
XCoderTools advertises the tool to cybercriminals for a $500 lifetime subscription, and further claims that the RCE vulnerability has been addressed as well.
The marketing seems to be working, too: security researchers at Trellix saw an uptick in XWorm samples being uploaded to VirusTotal.
The best way for businesses to defend against new XWorm attacks is a multi-layered security approach that can detect and respond to an intrusion even after initial compromise. Training staff on the dangers of phishing can help, too, since the malware is mostly propagated through email.
References
- ^ malware (www.techradar.com)
- ^ BleepingComputer (www.bleepingcomputer.com)
- ^ Follow TechRadar on Google News (news.google.com)
- ^ add us as a preferred source (www.google.com)
- ^ follow TechRadar on TikTok (www.tiktok.com)
- ^ WhatsApp (whatsapp.com)