- XWorm resurfaces with versions 6.0–6.5, now maintained by the alias XcoderTools
- The malware includes a RAT, ransomware, data theft, DoS and more than 35 modular plugins
- Trellix reports an increase in VirusTotal samples; phishing remains the key propagation method
XWorm, the infamous backdoor malware that wreaked havoc several years ago, has apparently returned after a one-year sabbatical.
Security researchers found three new versions, 6.0, 6.4 and 6.5, which surfaced on the dark web, with several threat actors using them in their campaigns.
XWorm was built and maintained by a threat actor named Xcoder in 2022. They shared details and updates on Telegram before going dark. The latest version of the malware was XWorm 5.6, which was apparently vulnerable to remote code execution.
Many capabilities
It is not known whether the original developer is back or the tool has been taken over by a different threat actor. In any case, the alias now maintaining it is XcoderTools.
The malware itself now ships with many new capabilities, as well as a modular design.
Its core function, acting as a remote access trojan (RAT), is still there. It also comes with a ransomware module and the ability to steal sensitive information from compromised devices, monitor the clipboard, log keystrokes and capture screens.
It can execute arbitrary commands on the infected system, manage files, extract operating system details and launch denial-of-service (DoS) attacks.
In total, more than 35 plugins allow tailor-made functionality depending on the target, which makes XWorm a very versatile and dangerous piece of malware.
Cybercriminals can now acquire the tool for a lifetime subscription of $500, XcoderTools announced, adding that the RCE vulnerability has also been addressed.
This also seems to be working, because security researchers at Trellix saw an increase in XWorm samples on VirusTotal.
The best way for companies to defend themselves against the new XWorm attacks is to opt for a multilayered security approach that can respond to attacks even after compromise. Training staff on the dangers of phishing can also help, because XWorm is mainly spread by email.
Via BleepingComputer