home.social

#xworm — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #xworm, aggregated by home.social.

  1. Watch out, hackers are hiding a new version of XWorm malware in #PyInstaller files to bypass Windows security, steal data, and remotely control computers through ads!

    Read: hackread.com/hackers-pyinstall

    #CyberSecurity #XWorm #Windows #Malware #Scam

  2. New XWorm 7.1 and Remcos RAT campaigns are abusing trusted #Windows utilities and memory-based execution to evade detection, giving attackers remote access to infected systems. The campaign also exploits a #WinRAR vulnerability to gain initial access.

    Read: hackread.com/xworm-7-1-remcos-

    #CyberSecurity #Malware #XWorm #RemcosRAT

  3. 📢⚠️ Hackers are exploiting an old Excel vulnerability to spread XWorm 7.2 malware hidden in JPEG files disguised as invoices. The attack steals passwords and Wi-Fi keys and grants remote access to infected PCs.

    Read: hackread.com/hackers-excel-exp

    #CyberSecurity #Malware #Phishing #XWorm #MicrosoftExcel

  4. Observed campaign summary:

    Initial Access:
    • Phishing emails with Excel (.XLAM) attachments
    Execution:
    • CVE-2018-0802 (EQNEDT32.EXE)
    • HTA → mshta.exe
    • PowerShell in-memory decoding
    Deployment:
    • Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
    • Process hollowing into Msbuild.exe
    • AES-encrypted C2 packets
    • Delimited command protocol
    • Plugin-based architecture (50+ modules)

    Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.

    This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.

    Blue teamers - which telemetry source provides the strongest signal here?

    Source: fortinet.com/blog/threat-resea

    Follow @technadu for ongoing malware analysis and threat intelligence coverage.

    #Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
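An added example, not part of the post above or of the Fortinet write-up it cites, that turns the summary's chain into parent/child process-creation checks a blue team could run over Sysmon or EDR telemetry; the field names, rule names, file paths and sample events are constructed for this illustration.

```python
"""Toy process-lineage detector for the chain listed in the post above.
Assumes process-creation telemetry (Sysmon Event ID 1 or an EDR feed) parsed
into dicts; field names, rule names and sample events are constructed here."""
from typing import Callable, Dict, List, Tuple

PROJECT_EXTS = (".csproj", ".vbproj", ".proj", ".sln", ".xml")
SHELLS = ("powershell.exe", "pwsh.exe")
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"   # constructed path
MSB = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"  # constructed path

def _base(path: str) -> str:
    """Lower-cased file name without directory, for case-insensitive matching."""
    return path.rsplit("\\", 1)[-1].lower()

def _msbuild_without_project(e: Dict[str, str]) -> bool:
    # MSBuild started by PowerShell with no project file on the command line is
    # the hollowing host named in the summary, not a build.
    return (_base(e["image"]) == "msbuild.exe" and _base(e["parent"]) in SHELLS
            and not any(t.lower().endswith(PROJECT_EXTS) for t in e["cmdline"].split()))

RULES: List[Tuple[str, Callable[[Dict[str, str]], bool]]] = [
    # Equation Editor (the CVE-2018-0802 target) never legitimately spawns children.
    ("eqnedt32_child_process", lambda e: _base(e["parent"]) == "eqnedt32.exe"),
    # The HTA handler launching PowerShell is the HTA -> mshta.exe -> PowerShell hop.
    ("mshta_spawns_powershell",
     lambda e: _base(e["parent"]) == "mshta.exe" and _base(e["image"]) in SHELLS),
    ("msbuild_no_project_from_powershell", _msbuild_without_project),
]

def evaluate(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one hit per (event, rule) match, in event order."""
    return [{"rule": name, "pid": e["pid"], "image": _base(e["image"])}
            for e in events for name, pred in RULES if pred(e)]

# Constructed sample telemetry mirroring the post's chain; not real logs.
SAMPLE_EVENTS = [
    {"pid": "4100", "parent": r"C:\Office\EXCEL.EXE",
     "image": r"C:\Shared\EQUATION\EQNEDT32.EXE", "cmdline": "EQNEDT32.EXE -Embedding"},
    {"pid": "4188", "parent": r"C:\Shared\EQUATION\EQNEDT32.EXE",
     "image": r"C:\Windows\System32\mshta.exe", "cmdline": "mshta.exe hxxp://example.invalid/s.hta"},
    {"pid": "4212", "parent": r"C:\Windows\System32\mshta.exe", "image": PS,
     "cmdline": "powershell.exe -nop -w hidden -enc <constructed>"},
    {"pid": "4300", "parent": PS, "image": MSB, "cmdline": "MSBuild.exe"},
    # Benign control: a developer build names a project file and must not fire.
    {"pid": "5001", "parent": PS, "image": MSB, "cmdline": "MSBuild.exe app.csproj /t:Build"},
]
```

All three rules lean on parent/child lineage rather than file hashes, which is why the Equation Editor rule needs no command-line parsing at all.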

  5. 2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at malware-traffic-analysis.net/2

    I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at malware-traffic-analysis.net/2

    Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.

  6. #xworm #asyncrat #purehvnc at:

    https:// locale-respondent-realtor-excellent.trycloudflare\.com

  7. RE: infosec.exchange/@threatinsigh

    We are also observing this #XWorm wave and see connections to the C2 server in the netflows.

    We are informing affected institutions. 🤗