XWorm is now an upgraded piece of malware that can do a whole lot more than it used to, according to an article I recently read on BleepingComputer.
New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year.
The latest variants, XWorm 6.0, 6.4, and 6.5, appear to be adopted by multiple threat actors and have support for plugins that allow a wide range of malicious activities.
Malware operators can use the modules to steal data from browsers and applications, take control of the host through remote desktop and shell access, and encrypt or decrypt files.
The article continues:
The last known version of the malware developed by XCoder is 5.6, which was vulnerable to a remote code execution flaw, addressed in the recent variants.
Versatile and popular
XWorm is a remote access trojan first observed in 2022. It gained a reputation as a highly effective malware due to its modular architecture and extensive capabilities.
The article continues:
XWorm was so popular that a threat actor used it as a lure to target less-skilled cybercriminals with a backdoor that stole data.
That campaign counted 18,459 infections, most of them in Russia, the United States, India, Ukraine, and Turkey.
Variety of delivery methods
The new version started to be advertised on a hacker forum from an account with the username XCoderTools, who offered access for a $500 lifetime subscription.
These are some of the highlights. The article is titled "XWorm malware resurfaces with ransomware module, over 35 plugins" if you want to read it.