#xworm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #xworm, aggregated by home.social.
-
Watch out, hackers are hiding a new version of XWorm malware in #PyInstaller files to bypass Windows security, steal data, and remotely control computers through ads!
Read: https://hackread.com/hackers-pyinstaller-amsi-patching-xworm-rat-v7-4/
-
New XWorm 7.1 and Remcos RAT campaigns are abusing trusted #Windows utilities and memory-based execution to evade detection, giving attackers remote access to infected systems. The campaign also exploits a #WinRAR vulnerability to gain initial access.
Read: https://hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
-
#reverseloader #xworm #opendir at:
http://158.94.211\.63/dealer/
-
📢⚠️ Hackers are exploiting an old Excel vulnerability to spread XWorm 7.2 malware hidden in JPEG files disguised as invoices. The attack steals passwords and Wi-Fi keys and grants remote access to infected PCs.
Read: https://hackread.com/hackers-excel-exploit-xworm-7-2-jpeg-files-hijack-pcs/
-
Observed campaign summary:
Initial Access:
• Phishing emails with Excel (.XLAM) attachments
Execution:
• CVE-2018-0802 (EQNEDT32.EXE)
• HTA → mshta.exe
• PowerShell in-memory decoding
Deployment:
• Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
• Process hollowing into Msbuild.exe
• AES-encrypted C2 packets
• Delimited command protocol
• Plugin-based architecture (50+ modules)
Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.
This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.
Blue teamers - which telemetry source provides the strongest signal here?
Follow @technadu for ongoing malware analysis and threat intelligence coverage.
#Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu
-
#xworm dropping #originlogger, and reusing #remcos c2:
https://app.any.run/tasks/9e32da84-ba55-4ac9-96f2-b7ff02d15d6b
-
2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html
I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at https://www.malware-traffic-analysis.net/2026/index.html
Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.
-
2nd time I've seen #xworm dropping #phantomstealer so might as well share:
https://app.any.run/tasks/f2961848-ef25-48c3-b73c-2c5e137db501
-
Top 3 Malware Families in Q4: How to Keep Your SOC Ready https://hackread.com/top-3-malware-families-in-q4-how-to-keep-your-soc-ready/ #ThreatIntelligence #Cybersecurity #Vulnerability #LummaStealer #AgentTesla #Security #Malware #ANYRUN #XWorm #SOC
-
RE: https://infosec.exchange/@threatinsight/115408637235710538
We are also observing this #XWorm wave and see connections to the C2 server in the netflows.
We are informing affected institutions. 🤗
-
New Polymorphic Malware Undetected by Security Tools https://thecyberexpress.com/polymorphic-malware-undetected-by-security/ #TheCyberExpressNews #polymorphicmalware #remoteaccesstrojan #ThreatIntelligence #screenrecordings #TheCyberExpress #FirewallDaily #Pythonmalware #cryptomining #CyberThreats #CyberNews #keylogger #malware #XWorm
-