- Xworm resurfaced with versions 6.0–6.5, now maintained by the alias XcoderTools
- Malware includes a RAT, ransomware, data theft, DoS and more than 35 modular plugins
- Trellix reports VirusTotal samples rising; phishing remains the key propagation method
Xworm, the infamous backdoor malware that used to wreak havoc several years ago, has apparently returned after a year-long sabbatical.
Security researchers found three new versions, 6.0, 6.4, and 6.5, that have appeared on the Dark Web, with multiple threat actors using it in their campaigns.
Xworm was built and maintained by a threat actor called Xcoder in 2022. They used to share details and updates on Telegram before going dark. The last version of the malware was Xworm 5.6, which was apparently vulnerable to remote code execution.
Numerous capabilities
It is not known if the original developer is back, or if the tool was picked up by a separate threat actor. In any case, the alias that maintains it now is XcoderTools.
The malware itself now comes with numerous new capabilities as well as a modular design.
Its main feature, functioning as a remote access trojan (RAT), is still there. It also comes with a ransomware module and the ability to steal sensitive information from compromised devices, monitor the clipboard and registry keys, and capture screens.
It can execute arbitrary commands on the infected system, manage files, extract operating system details and launch denial of service (DoS) attacks.
In total, more than 35 plugins allow for custom functionality, depending on the target, making Xworm a highly versatile and dangerous malware.
Cybercriminals can now purchase the tool for a $500 lifetime subscription, XcoderTools announced, adding that the RCE vulnerability has also been addressed.
The offer also appears to be working, as Trellix security researchers saw an increase in Xworm samples uploaded to VirusTotal.
The best way for companies to defend against new Xworm attacks is a multi-layered security approach that can respond to attacks even after compromise. Training staff on the dangers of phishing can also help, as the malware primarily spreads via email.
Via BleepingComputer